On Tue, Sep 29, 2009 at 2:50 AM, Alexey Pechnikov
<[email protected]> wrote:
> Hello!
>
> On Tuesday 29 September 2009 08:11:36 Tom Jackson wrote:
>> How does '9999999999999999999'::int solve the problem?
>
> The example return the equal result in different PostgreSQL versions
> (may be result can depend from platform). Strict type cast is defined
> in documentation and may be safety. And this is independant of the
> database schema.
>
> When you try to store 9999999999999999999 as is then database
> can translate it to integere and return otherflow error, or translate it
> to float or text without error. This depends of the database schema.
> So code can't be validated without the schema of the database.
>
I'm not sure how this turned into a discussion of buffer overflows and
potential mismatch between programming language/database data types.
Unless you actually test your specific code with your specific
environment you will always face this possibility.
The issue with quoting user input (surrounding quotes) has to do with
detecting if the input could be a number or not. Some databases don't
allow numbers to be quoted, some do. If your database allows
surrounding quotes, you don't need to check if the user input looks
like a number, you can just add the surrounding quotes.
If you use a basic type system, you can do a little better than this.
For char and varchar, you can check the length of the user input
(after [string map {' ''} $string]). If an input has a default value,
this can be automatically added. Note that the default might be NULL,
which is not quoted, a type system could handle this situation easily.
>> If you need strict type checking in Tcl, try out the type code in
>> tWSDL. It has very good numeric type definition and validation
>> support.
>
I added a new comparison, which is helpful for those who rely on Tcl
to do type checking:
http://junom.com/document/twt/view/www/decimal3.tcl (code at decimal3.tcl~)
This compares xml schema's decimal type to Tcl int and Tcl double.
Tcl's double is very close, but does include hex and untrimmed
numbers. Like decimal2.tcl the canonical value is included. Tcl int
also fails to recognize some non-canonical integer values.
You can use tWSDL's type code to further restrict the numeric type.
For instance, the system uses the base type decimal to define other
types:
restrictDecimal xsd integer xsd::decimal {fractionDigits 0}
restrictDecimal xsd int xsd::decimal {fractionDigits 0 minInclusive
-2147483648 maxInclusive 2147483647}
restrictDecimal xsd nonPositiveInteger xsd::integer {maxInclusive 0}
restrictDecimal xsd negativeInteger xsd::integer {maxInclusive -1}
restrictDecimal xsd short xsd::integer {minInclusive -32768 maxInclusive 32767}
restrictDecimal xsd byte xsd::integer {minInclusive -128 maxInclusive 127}
You can see the type checking code which is generated from the above
commands here:
http://junom.com/ws/mywebservice/?ws=mywebservice&ns=::wsdb::types::xsd
You can test values against an example restricted decimal type defined as:
mywebservice::TestDecimal {minExclusive -321.01 maxInclusive 456.78
totalDigits 5 fractionDigits 2}
using this web form:
http://junom.com/ws/mywebservice/?op=TestDecimalValueOperation&mode=display
tom jackson
--
AOLserver - http://www.aolserver.com/
To Remove yourself from this list, simply send an email to
<[email protected]> with the
body of "SIGNOFF AOLSERVER" in the email message. You can leave the Subject:
field of your email blank.
