On Mon, 10 Dec 2007, Hans-Christoph Steiner wrote:
> The other somewhat common style that I saw in my searches was printf patterns
> (%s, %f, etc). In Pd, [makefilename], [makesymbol], [sprintf], and perhaps
> others use this syntax. The single ? notation seems to be supported by at
> least these, if you want to call that "specific": Qt, PerlDBI, Perl's
> DBD::Pg, RubyDBI, PHP PDO, Java JDBC, MySQL, Oracle.

Well, maybe I shouldn't have said "specific", but when I look at any PHP
code that I find, it seems that they haven't discovered what's a
placeholder yet, for example. So, it seems that it's not so universal.

> I think it is quite important to reuse existing syntax rather than
> introducing new syntax. Minimal syntax is really one of Pd's biggest
> strengths. Since these lines would be pure SQL, I think it would be
> appropriate to use a common SQL syntax.

If you wanted to reuse existing Pd syntax, you could abstract out SQL
syntax completely and make a database interface that fully feels like Pd.
The Rails web framework has something like that.

> I just had a thought, SQL injection relies on being able to send semi-colons
> in text fields.

This is not true. I have already posted an example in this thread on how
to delete a whole table using SQL injection without a semicolon.

> You can't transmit a semicolon in a message in Pd,

This is not true. You can't type one in a messagebox, that's all. You can
make one anytime with [makefilename]. You can edit a pd file and insert a
sufficiently backslashed semicolon and it will appear.

Also, a non-backslashed semicolon in an objectbox is parsed as a symbol of
1 character and it is passed as an argument to the newmethod. Calling a
newmethod is to send a message.

> then no one will ever be able to send a semi-colon to [sqlite]/[psql].
> Pd would always interpret the semi-colon before the object received it
> on its cold inlet. AFAIK, that eliminates basically all of the really
> bad SQL injection attacks.

Dream on!

_ _ __ ___ _____ ________ _____________ _____________________ ...
| Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC Canada
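
Added example (not part of the original e-mail, and not code from [sqlite], [psql] or any other Pd external): the two points argued above, shown with Python's sqlite3 module. A semicolon filter does not protect a query built by string concatenation, while a ? placeholder does. The presets table, the function names and the input value are constructed for illustration.

```python
import sqlite3

# Constructed sample input: note that it contains no semicolon at all.
HOSTILE_NAME = "x' OR 'a'='a"


def make_db():
    """In-memory table standing in for data a patch might store (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE presets (name TEXT, value REAL)")
    db.executemany("INSERT INTO presets VALUES (?, ?)",
                   [("kick", 0.8), ("snare", 0.5), ("hat", 0.3)])
    return db


def remaining(db):
    """Number of rows still in the table."""
    return db.execute("SELECT COUNT(*) FROM presets").fetchone()[0]


def delete_by_concatenation(db, name):
    """Vulnerable form: the value is spliced into the SQL text."""
    if ";" in name:
        # The defence proposed in the thread: no semicolon ever gets through.
        raise ValueError("semicolon rejected")
    db.execute("DELETE FROM presets WHERE name = '" + name + "'")
    return remaining(db)


def delete_by_placeholder(db, name):
    """Hardened form: the value is bound to '?' and is never parsed as SQL."""
    db.execute("DELETE FROM presets WHERE name = ?", (name,))
    return remaining(db)


if __name__ == "__main__":
    # The quote in the input closes the string literal, so the WHERE clause
    # becomes always true and every row is deleted despite the filter.
    print("concatenation:", delete_by_concatenation(make_db(), HOSTILE_NAME))
    # Bound as data, the same input matches no row and nothing is deleted.
    print("placeholder:  ", delete_by_placeholder(make_db(), HOSTILE_NAME))
```
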