Re: ustring compose escaping capability
- From: Paul Davis <paul linuxaudiosystems com>
- To: Balazs Scheidler <bazsi balabit hu>
- Cc: gtkmm-list gnome org
- Subject: Re: ustring compose escaping capability
- Date: Wed, 23 Jan 2008 16:51:09 -0500
On Wed, 2008-01-23 at 17:39 +0100, Balazs Scheidler wrote:
> In my humble opinion it is totally wrong in the way you describe.
>
> Suppose you have 100 different queries, each 2 different arguments (on
> average), you state that calling make_legal_sql() 200 times is a safer
> approach than providing the same functionality in one place in compose?
>
> I'd bet that everyone would forget at least one make_legal_sql()
> invocation.
>
> What does make_legal_sql() do in your example? I say that everything it
> does can be done in the escaping mechanism that we described. Under the
> term "escaping" I mean to do whatever transformation on the string
> necessary to make it sane in the specific context.

what happens if I am using compose to build a shell command to be passed
to system, where the rules for escaping are totally different? For
example, in a shell script, you cannot put single quotes "inside" other
single quotes *even if they are escaped*. how is compose() supposed to
know this?

sure, if you want to do ustring::sql_compose() then go ahead, but then
you will also need ustring::python_compose(), ustring::sh_compose(), all
the way down to ustring::some_language_i_have_forgotten_compose().

leave compose to do the job of merging strings; use other code to handle
language-context-specific escaping.

--p
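
The separation argued for in the message above, as an added example that is not part of the original post or of glibmm: the same input needs different quoting for a POSIX shell word and for a SQL string literal, while the merge step stays context-free. The names compose2, sh_quote and sql_quote are hypothetical, and the SQL helper assumes a dialect that follows standard quote doubling without backslash escapes.

```cpp
#include <iostream>
#include <string>

// Hypothetical stand-in for a compose-style merge: substitutes %1 and %2
// and knows nothing about the language of the resulting string.
std::string compose2(const std::string& fmt, const std::string& a1,
                     const std::string& a2) {
    std::string out;
    for (std::size_t i = 0; i < fmt.size(); ++i) {
        if (fmt[i] == '%' && i + 1 < fmt.size() &&
            (fmt[i + 1] == '1' || fmt[i + 1] == '2')) {
            out += (fmt[i + 1] == '1') ? a1 : a2;
            ++i;  // skip the placeholder digit
        } else {
            out += fmt[i];
        }
    }
    return out;
}

// POSIX sh: nothing is special inside '...', not even backslash, so a
// literal ' must close the quote, add \' and reopen: ' becomes '\''.
std::string sh_quote(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "'\\''";
        else out += c;
    }
    return out + "'";
}

// Standard SQL string literal: a literal ' is written as ''.
// Assumption: the target dialect does not also treat backslash as an escape.
std::string sql_quote(const std::string& s) {
    std::string out = "'";
    for (char c : s) {
        if (c == '\'') out += "''";
        else out += c;
    }
    return out + "'";
}

int main() {
    const std::string name = "O'Brien";  // constructed sample input
    std::cout << compose2("grep -e %1 %2", sh_quote(name), sh_quote("a b.txt"))
              << "\n"
              << compose2("SELECT id FROM t WHERE n = %1 AND c = %2",
                          sql_quote(name), sql_quote("x")) << "\n";
}
```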