[PD] [psql] object hand-holding (fwd)
Mathieu Bouchard
matju at artengine.ca
Mon Dec 10 02:27:01 CET 2007
---------- Forwarded message ----------
Date: Sun, 9 Dec 2007 20:23:16 -0500 (EST)
From: Mathieu Bouchard <matju at artengine.ca>
To: Mike McGonagle <mjmogo at gmail.com>
Subject: Re: [PD] [psql] object hand-holding
On Sun, 9 Dec 2007, Mike McGonagle wrote:
> On 12/7/07, Mathieu Bouchard <matju at artengine.ca> wrote:
>> [sql select * from candies where flavour=? and colour=?]
> I am actually considering going back to this idea, as I can't seem to figure
> out why my current version of [sqlite] is crashing.
Try valgrind... best development tool of the decade, imho.
> I wish there were some sort of tutorial on troubleshooting problems like
> this, mostly because I don't really know where to start with something like
> 'gdb'.
Gdb is also useful, but often not, because it's too late: e.g. your [psql]
might be corrupting pd or something used by pd, and thus pd might not be able
to work properly anymore.
> This is why I thought of this in the first place. You generally don't modify
> the SQL, except to insert data.
Yes. Now when it comes to modifying the command at runtime, i don't know what
to do, because commas and semicolons are not evaled by objectboxes, whereas
they are double-trouble in messageboxes. Yet I wouldn't enjoy the long-winded
"addcomma" everytime a comma is used (most often INSERT but also SELECT that
has a join). Currently backslashes are not typable in messageboxes but they
would solve the problem in a less ugly way if they worked (as escape
character).
SQL injection is a big security issue, and it's hard to get it figure out all
holes. This is especially why one must use SQL placeholders. The other main
reason is so that one doesn't even have to think about strings. The other other
main reason is because the DB can precompile a statement for multiple uses.
_ _ __ ___ _____ ________ _____________ _____________________ ...
| Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC Canada
More information about the Pd-list
mailing list