Affects Version/s: None
Fix Version/s: None
Ubuntu Linux 12.04
Testing against a DB2 database
The function db-do-prepared allows an optional second parameter "transaction?". Whether or not this was passed is done by checking it for being a string:
The assumption behind this seems to be, that a string indicates an SQL query parameter.
But, as the code a little further down shows, users can also pass in a prepared statement:
So, to find out if transaction? was passed as a parameter one could either check for string and prepared statement or turn the logic around an check for boolean:
The latter does not deal with nil which would probably be a natural choice for passing falsehood while the former would have to be extended when another thing may be passed as SQL, which seems unlikely.