Tracker.Sparql.Connection lacks a bind-parameters query
Submitted by mik..@..il.com
Link to original bug (#723234)
Description
Most queries I've ever seen or written are written for SQL, and best practice there is to use query parameter binding to prevent inadvertent errors and SQL injection attacks.
I just hit a bug in tracker-needle that I think is fundamentally caused by the lack of a bound version of the query_async method: https://bugs.launchpad.net/ubuntu/+source/tracker/+bug/1273955
Digging around in Valadoc suggests that the intended way to deal with that is to use Tracker.Sparql's escape_string method, but that's honestly rather clunky. Having a bound-parameter form for queries would be a distinct improvement.
Version: 0.16.x
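The difference the report describes, as an added example that is not code from Tracker or tracker-needle: the same search term is spliced raw into a query string and then bound as a single escaped literal. The `~term` placeholder, `fill_term`, `bare_quotes`, the query text and the search term are constructed for illustration, and `sparql_escape` is a simplified stand-in for an escaping helper, not Tracker's `escape_string` implementation.

```c
#include <stdio.h>
#include <string.h>

/* Escape a value for a double-quoted SPARQL literal; -1 if out is too small. */
static int sparql_escape(const char *in, char *out, size_t cap) {
    size_t n = 0;
    for (; *in; in++) {
        char c = *in == '\n' ? 'n' : *in == '\r' ? 'r' : *in == '\t' ? 't' : *in;
        int esc = c != *in || c == '"' || c == '\\';
        if (n + (esc ? 2 : 1) >= cap) return -1;
        if (esc) out[n++] = '\\';
        out[n++] = c;
    }
    out[n] = '\0';
    return (int)n;
}

/* Fill ~term (hypothetical placeholder): escape=0 splices raw, escape=1 binds. */
static int fill_term(const char *tmpl, const char *value, int escape,
                     char *out, size_t cap) {
    char esc[256];
    const char *p = strstr(tmpl, "~term");
    if (!p || (escape && sparql_escape(value, esc, sizeof esc) < 0)) return -1;
    int n = snprintf(out, cap, "%.*s\"%s\"%s", (int)(p - tmpl), tmpl,
                     escape ? esc : value, p + 5);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* Count string delimiters: double quotes not preceded by a backslash. */
static int bare_quotes(const char *q) {
    int n = 0;
    for (; *q; q++) {
        if (*q == '\\' && q[1]) q++;
        else if (*q == '"') n++;
    }
    return n;
}

static const char TMPL[] = "SELECT ?u WHERE { ?u fts:match ~term }"; /* constructed */
static char spliced[256], bound[256];

int main(void) {
    const char *term = "5\" monitor";   /* constructed search term */
    fill_term(TMPL, term, 0, spliced, sizeof spliced);
    fill_term(TMPL, term, 1, bound, sizeof bound);
    printf("%d delimiters: %s\n", bare_quotes(spliced), spliced);
    printf("%d delimiters: %s\n", bare_quotes(bound), bound);
    return 0;
}
```

An odd delimiter count in the spliced query means the literal closed early and the rest of the term is parsed as query text; the bound form keeps exactly one literal regardless of the term's contents.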