[PD] [psql] object hand-holding (fwd)

Mathieu Bouchard matju at artengine.ca
Mon Dec 10 02:27:01 CET 2007


---------- Forwarded message ----------
Date: Sun, 9 Dec 2007 20:23:16 -0500 (EST)
From: Mathieu Bouchard <matju at artengine.ca>
To: Mike McGonagle <mjmogo at gmail.com>
Subject: Re: [PD] [psql] object hand-holding

On Sun, 9 Dec 2007, Mike McGonagle wrote:
> On 12/7/07, Mathieu Bouchard <matju at artengine.ca> wrote:
>> [sql select * from candies where flavour=? and colour=?]
> I am actually considering going back to this idea, as I can't seem to figure
> out why my current version of [sqlite] is crashing.

Try valgrind... best development tool of the decade, imho.

> I wish there were some sort of tutorial on troubleshooting problems like
> this, mostly because I don't really know where to start with something like
> 'gdb'.

Gdb is also useful, but often not, because it's too late: e.g. your [psql] 
might be corrupting pd or something used by pd, and thus pd might not be able 
to work properly anymore.

> This is why I thought of this in the first place. You generally don't modify
> the SQL, except to insert data.

Yes. Now when it comes to modifying the command at runtime, I don't know what 
to do, because commas and semicolons are not evaled by objectboxes, whereas 
they are double-trouble in messageboxes. Yet I wouldn't enjoy the long-winded 
"addcomma" every time a comma is used (most often INSERT but also SELECT that 
has a join). Currently backslashes are not typable in messageboxes but they 
would solve the problem in a less ugly way if they worked (as escape 
character).

SQL injection is a big security issue, and it's hard to figure out all 
holes. This is especially why one must use SQL placeholders. The other main 
reason is so that one doesn't even have to think about strings. The other other 
main reason is because the DB can precompile a statement for multiple uses.

  _ _ __ ___ _____ ________ _____________ _____________________ ...
| Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC Canada
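
The placeholder query from the message, set beside a string-pasted version of the same query; this is an added example, not part of the original e-mail and not code from the [sqlite] or [psql] externals. It assumes Python's sqlite3 module, and the table layout and sample rows are constructed for the illustration.

```python
import sqlite3

# Same statement shape as the [sql ...] box above; the text never changes.
QUERY = "SELECT name FROM candies WHERE flavour=? AND colour=?"

def make_db():
    """In-memory table with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE candies (name TEXT, flavour TEXT, colour TEXT)")
    db.executemany("INSERT INTO candies VALUES (?, ?, ?)", [
        ("drop", "lemon", "yellow"),
        ("chew", "cherry", "red"),
        # Data containing a quote, a comma and a semicolon.
        ("odd", "it's sweet, sour; both", "green"),
    ])
    return db

def find_concat(db, flavour, colour):
    """Weak form: values are pasted into the SQL text and parsed as SQL."""
    sql = ("SELECT name FROM candies WHERE flavour='%s' AND colour='%s'"
           % (flavour, colour))
    return sorted(row[0] for row in db.execute(sql))

def find_bound(db, flavour, colour):
    """Placeholder form: values travel separately and are only ever data."""
    return sorted(row[0] for row in db.execute(QUERY, (flavour, colour)))

def compare(flavour, colour):
    """Run both forms on the same input; report rows or the error raised."""
    db = make_db()
    try:
        weak = find_concat(db, flavour, colour)
    except sqlite3.Error as exc:
        weak = type(exc).__name__
    return weak, find_bound(db, flavour, colour)

if __name__ == "__main__":
    for args in [("lemon", "yellow"),
                 ("x' OR 1=1 --", "none"),            # quote ends the literal
                 ("it's sweet, sour; both", "green")]:  # ordinary awkward data
        print(args, "->", compare(*args))
```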

