[Info-vax] Better languages than BASIC
Lawrence D'Oliveiro
ldo at nz.invalid
Mon Jan 15 14:50:27 EST 2024

On Mon, 15 Jan 2024 13:21:25 -0000 (UTC), Simon Clubley wrote:
> On 2024-01-12, Lawrence D'Oliveiro <ldo at nz.invalid> wrote:
>> On Fri, 12 Jan 2024 13:34:53 -0000 (UTC), Simon Clubley wrote:
>>
>>> For security reasons, I would have preferred to see that as a prepared
>>> statement instead of as a concatenated SQL statement.
>>
>> Feel free to show us how you would write it as same. Can your prepared-
>> statement system cope with variable numbers of fields? Variable field
>> names? Variable operator selections? All these were present in the
>> example.
>
> I have _never_ had the need to do that.

That was a real-world example. You must never have had the need to create
interactive query functions, then. That’s not the only example of that
kind of code I have written for clients. Did you note the ability to
choose what kind of comparison (less than, equals, greater than) to
perform against date fields? Try doing that with your “prepared
statements”.
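
An added example, not part of the original message or of the code it refers to: one way to handle a variable number of fields, variable field names and a selectable comparison operator while still binding every value as a parameter. It uses Python's `sqlite3`; the table, column names and sample rows are hypothetical.

```python
import sqlite3

# Identifiers and operators cannot be bound as parameters, so they are picked
# from fixed allowlists and never copied from user input.
# Table and column names are hypothetical.
COLUMNS = {"name": "name", "city": "city", "joined": "joined"}
OPERATORS = {"lt": "<", "le": "<=", "eq": "=", "ge": ">=", "gt": ">"}


def build_query(criteria):
    """criteria: list of (field, operator_key, value) from an interactive form.

    Returns (sql, params). Only allowlisted fragments reach the SQL text;
    every value travels as a bound parameter.
    """
    clauses, params = [], []
    for field, op, value in criteria:
        if field not in COLUMNS or op not in OPERATORS:
            raise ValueError(f"unsupported criterion: {field!r} {op!r}")
        clauses.append(f"{COLUMNS[field]} {OPERATORS[op]} ?")
        params.append(value)
    sql = "SELECT name, city, joined FROM members"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return sql + " ORDER BY name", params


def search(conn, criteria):
    sql, params = build_query(criteria)
    return conn.execute(sql, params).fetchall()


def demo_db():
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (name TEXT, city TEXT, joined TEXT)")
    conn.executemany("INSERT INTO members VALUES (?, ?, ?)", [
        ("Alice", "Hamilton", "2019-03-01"),
        ("Bob", "Auckland", "2022-07-15"),
        ("O'Brien", "Hamilton", "2023-11-30"),
    ])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    # Two criteria, one of them a "greater than" comparison on a date field.
    print(search(conn, [("city", "eq", "Hamilton"), ("joined", "gt", "2020-01-01")]))
    # A value containing quote characters is compared as data, not parsed as SQL.
    print(search(conn, [("name", "eq", "x' OR '1'='1")]))
```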