[Info-vax] Teaching, was: Re: Any stronger versions of the LMF planned ?
Lawrence D’Oliveiro
lawrencedo99 at gmail.com
Thu Aug 12 19:40:33 EDT 2021
On Friday, August 13, 2021 at 12:15:25 AM UTC+12, Simon Clubley wrote:
>
> You need to learn the SQL syntax and how to apply it to applications but
> you should be using a parameter based API to actually build the SQL query.
There seems to be a lot of fear and loathing around the simple concept of properly escaping parameter values in SQL and other embedded languages, isn’t there? This stuff isn’t so hard--they’re all just regular grammars, after all.
All the decent DBMS APIs offer a “format_sql_value()” function or equivalent anyway. Though strangely, none of them, that I have seen, have an “escape_sql_wildcard()” that you can use to turn user-entered literal data into a LIKE clause. So I find myself having to roll my own.
But this is getting away from the point, that COBOL’s supposed “business” orientation actually built-in a massive blind spot to what was actually emerging as business needs.
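An added illustration of the "roll your own escape_sql_wildcard()" point above, not code from the poster or from any DBMS API: a LIKE-wildcard escaper beside a bound parameter, in Python with the standard sqlite3 module. Parameter binding keeps user input out of the SQL grammar, but it does nothing about the LIKE pattern grammar, where % and _ are still wildcards. The table, its rows, and the choice of backslash as the escape character are assumptions made for the example; the ESCAPE clause is passed explicitly so the result does not depend on any DBMS default.

```python
"""LIKE-wildcard escaping alongside parameter binding (sqlite3, in memory)."""
import sqlite3

# Escape character used inside LIKE patterns. Assumption for this example:
# any single character works as long as the same one is given in ESCAPE.
LIKE_ESCAPE_CHAR = "\\"


def escape_like(literal: str, escape: str = LIKE_ESCAPE_CHAR) -> str:
    """Return a LIKE fragment that matches `literal` verbatim.

    The escape character itself is doubled first, so a user-supplied
    backslash cannot be used to un-escape the % or _ we add afterwards.
    The caller must bind the same escape character in the ESCAPE clause.
    """
    return (literal.replace(escape, escape + escape)
                   .replace("%", escape + "%")
                   .replace("_", escape + "_"))


def make_db() -> sqlite3.Connection:
    """Constructed sample table (not real data) with names containing wildcards."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT NOT NULL)"
    )
    conn.executemany("INSERT INTO customers (name) VALUES (?)", [
        ("Alice",),
        ("Bob",),
        ("100% Cotton Ltd",),
        ("Under_Score Inc",),
        ("Backslash \\ Co",),
    ])
    return conn


def search_naive(conn: sqlite3.Connection, user_term: str) -> list:
    """Bound parameter, so no SQL injection, but % and _ in user_term
    are still interpreted by LIKE as wildcards: '%' returns every row."""
    rows = conn.execute(
        "SELECT name FROM customers WHERE name LIKE ? ORDER BY name",
        ("%" + user_term + "%",),
    ).fetchall()
    return [r[0] for r in rows]


def search_literal(conn: sqlite3.Connection, user_term: str) -> list:
    """Same query, but user_term is matched as literal text: the only
    wildcards left in the pattern are the two we deliberately added."""
    pattern = "%" + escape_like(user_term) + "%"
    rows = conn.execute(
        "SELECT name FROM customers WHERE name LIKE ? ESCAPE ? ORDER BY name",
        (pattern, LIKE_ESCAPE_CHAR),
    ).fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    db = make_db()
    for term in ("%", "_", "\\", "ali"):
        print(repr(term), "naive:", search_naive(db, term),
              "literal:", search_literal(db, term))
```

The ordering inside escape_like() matters: doubling the escape character has to happen before the % and _ replacements, otherwise an input such as `\%` would be turned into `\\%`, which the ESCAPE clause reads as a literal backslash followed by a live wildcard.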