On Wed, 2008-01-23 at 17:39 +0100, Balazs Scheidler wrote:
> In my humble opinion it is totally wrong in the way you describe.
>
> Suppose you have 100 different queries, each 2 different arguments (on
> average), you state that calling make_legal_sql() 200 times is a safer
> approach than providing the same functionality in one place in compose?
>
> I'd bet that everyone would forget at least one make_legal_sql()
> invocation.
>
> What does make_legal_sql() do in your example? I say that everything it
> does can be done in the escaping mechanism that we described. Under the
> term "escaping" I mean to do whatever transformation on the string
> necessary to make it sane in the specific context.

What happens if I am using compose to build a shell command to be passed
to system, where the rules for escaping are totally different? For
example, in a shell script, you cannot put single quotes "inside" other
single quotes *even if they are escaped*. How is compose() supposed to
know this?

Sure, if you want to do ustring::sql_compose() then go ahead, but then
you will also need ustring::python_compose(), ustring::sh_compose(), all
the way down to ustring::some_language_i_have_forgotten_compose().

Leave compose to do the job of merging strings; use other code to handle
language-context-specific escaping.

--p
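The difference the message above describes, as an added example that is not part of the original thread: the same value quoted for POSIX sh and for a standard SQL string literal, then merged by a compose that does no escaping. The names `compose`, `sh_quote`, `sql_quote` and `kSample` are hypothetical stand-ins, not gtkmm or glibmm API, and the SQL rule assumes a database that does not treat backslash as an escape character.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical stand-in for compose(): substitutes %1..%9 and does no escaping.
std::string compose(const std::string& fmt, const std::vector<std::string>& args) {
    std::string out;
    for (std::size_t i = 0; i < fmt.size(); ++i) {
        bool spec = fmt[i] == '%' && i + 1 < fmt.size() &&
                    fmt[i + 1] >= '1' && fmt[i + 1] <= '9';
        if (!spec) { out += fmt[i]; continue; }
        std::size_t n = static_cast<std::size_t>(fmt[i + 1] - '1');
        if (n < args.size()) out += args[n];
        ++i;  // skip the digit after '%'
    }
    return out;
}

// POSIX sh: nothing is special inside '...', not even a backslash, so a
// single quote is emitted by closing the quotes, adding \' and reopening.
std::string sh_quote(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    return out + "'";
}

// Standard SQL string literal: a single quote is doubled inside '...'.
// Assumption: the database does not also treat backslash as an escape.
std::string sql_quote(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "''";
        else out += c;
    }
    return out + "'";
}

// Constructed sample value containing a single quote.
const std::string kSample = "O'Brien";

int main() {
    std::cout << compose("echo %1", {sh_quote(kSample)}) << "\n";
    std::cout << compose("SELECT id FROM users WHERE name = %1",
                         {sql_quote(kSample)}) << "\n";
}
```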
