[PD] [psql] object hand-holding (fwd)

Hans-Christoph Steiner hans at eds.org
Mon Dec 10 16:20:28 CET 2007 

On Dec 9, 2007, at 8:27 PM, Mathieu Bouchard wrote:

>
> ---------- Forwarded message ----------
> Date: Sun, 9 Dec 2007 20:23:16 -0500 (EST)
> From: Mathieu Bouchard <matju at artengine.ca>
> To: Mike McGonagle <mjmogo at gmail.com>
> Subject: Re: [PD] [psql] object hand-holding
>
> On Sun, 9 Dec 2007, Mike McGonagle wrote:
>> On 12/7/07, Mathieu Bouchard <matju at artengine.ca> wrote:
>>> [sql select * from candies where flavour=? and colour=?]
>> I am actually considering going back to this idea, as I can't seem  
>> to figure
>> out why my current version of [sqlite] is crashing.
>
> Try valgrind... best development tool of the decade, imho.

Could you post some instructions on how to use valgrind to debug Pd  
related things on the dev docs wiki?  It would be very useful:

http://puredata.info/docs/developer

.hc


>> I wish there were some sort of tutorial on troubleshooting  
>> problems like
>> this, mostly because I don't really know where to start with  
>> something like
>> 'gdb'.
>
> Gdb is also useful, but often not, because it's too late: e.g. your  
> [psql] might be corrupting pd or something used by pd, and thus pd  
> might not be able to work properly anymore.
>
>> This is why I thought of this in the first place. You generally  
>> don't modify
>> the SQL, except to insert data.
>
> Yes. Now when it comes to modifying the command at runtime, i don't  
> know what to do, because commas and semicolons are not evaled by  
> objectboxes, whereas they are double-trouble in messageboxes. Yet I  
> wouldn't enjoy the long-winded "addcomma" everytime a comma is used  
> (most often INSERT but also SELECT that has a join). Currently  
> backslashes are not typable in messageboxes but they would solve  
> the problem in a less ugly way if they worked (as escape character).
>
> SQL injection is a big security issue, and it's hard to get it  
> figure out all holes. This is especially why one must use SQL  
> placeholders. The other main reason is so that one doesn't even  
> have to think about strings. The other other main reason is because  
> the DB can precompile a statement for multiple uses.
>
>  _ _ __ ___ _____ ________ _____________ _____________________ ...
> | Mathieu Bouchard - tél:+1.514.383.3801, Montréal QC  
> Canada_______________________________________________
> PD-list at iem.at mailing list
> UNSUBSCRIBE and account-management -> http://lists.puredata.info/ 
> listinfo/pd-list



------------------------------------------------------------------------ 
----

I have the audacity to believe that peoples everywhere can have three  
meals a day for their bodies, education and culture for their minds,  
and dignity, equality and freedom for their spirits.      - Martin  
Luther King, Jr.

More information about the Pd-list mailing list