
Re: WP-A: A New URL Shortener

From Chris Angelico <rosuav@gmail.com>
Newsgroups comp.lang.python
Subject Re: WP-A: A New URL Shortener
Date Sat, 26 Mar 2016 08:48:24 +1100
Message-ID <mailman.13.1458942513.28225.python-list@python.org>


On Sat, Mar 26, 2016 at 8:28 AM, Thomas 'PointedEars' Lahn
<PointedEars@web.de> wrote:
> Chris Angelico wrote:
>
>> […] Thomas 'PointedEars' Lahn […] wrote:
>>> Chris Angelico wrote:
>>>> […] Thomas 'PointedEars' Lahn […] wrote:
>>>>> Daniel Wilcox wrote:
>>>>>> Cool thanks, highly recommended to use an ORM to deter easy SQL
>>>>>> injections.
>>>>> That is to crack a nut with a sledgehammer.  SQL injection can be
>>>>> easily and more efficiently prevented with prepared statements.  […]
>>>> You don't even need prepared statements. All you need is parameterized
>>>> queries.
>>> A prepared statement in this context uses a parameterized query.
>>>
>>> <https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet#Defense_Option_1:_Prepared_Statements_.28Parameterized_Queries.29>
>>
>> I know what a prepared statement is. And I know that they are
>> effective. However they are overkill - as I said, you merely need
>> parameterization.
>
> Then enlighten me, please: How is “parameterization” or a “parameterized
> query”, as *you* understand it, different from a prepared statement?

This is a prepared statement:

http://www.postgresql.org/docs/current/static/sql-prepare.html

You use a special "PREPARE" query to create *and store* a half-run
query, and then you execute it afterwards. Back in the 1990s, I had
the option of actually *compiling* my SQL queries as part of my C
code, which would prepare all the queries for future execution. It is
completely different from the dynamic parameterized queries that most
people use.

Parameterization is a more general concept which prepared statements
invariably use, but which general code need not use. A Python database
connector could choose to PREPARE/EXECUTE for every query it's given,
or it could choose to escape all the parameters and embed them, or it
could (if it's using a decent database back-end like PostgreSQL)
simply send the query and its associated parameters as-is. Only one of
these options is a "prepared statement". All three are "parameterized
queries", at least from the POV of Python code.

ChrisA
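
The distinction drawn in the message above, as an added example that is not part of the original post: two of the three connector strategies (send the parameters as-is, or escape and embed them) sit behind the same calling convention, next to unparameterized string concatenation. It assumes Python's standard `sqlite3` module in place of PostgreSQL; the `links` table, the function names and the `quote_literal` helper are hypothetical, and the sample rows are constructed.

```python
import sqlite3

def make_db():
    # Constructed sample data for a URL-shortener style table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE links (slug TEXT PRIMARY KEY, target TEXT)")
    conn.executemany(
        "INSERT INTO links VALUES (?, ?)",
        [("py", "https://www.python.org/"),
         ("pg", "https://www.postgresql.org/")])
    return conn

def lookup_concat(conn, slug):
    # No parameterization: the value becomes part of the SQL text.
    sql = "SELECT target FROM links WHERE slug = '" + slug + "'"
    return conn.execute(sql).fetchall()

def lookup_native(conn, slug):
    # Strategy "send as-is": query text and parameters travel separately.
    sql = "SELECT target FROM links WHERE slug = ?"
    return conn.execute(sql, (slug,)).fetchall()

def quote_literal(value):
    # Hypothetical connector-internal helper. In an SQLite string literal
    # only the single quote needs doubling; other types are rejected here.
    if not isinstance(value, str) or "\x00" in value:
        raise TypeError("sketch handles NUL-free str parameters only")
    return "'" + value.replace("'", "''") + "'"

def lookup_embedded(conn, slug):
    # Strategy "escape and embed": same caller-side convention, but the
    # connector builds the final SQL text itself (single placeholder only).
    sql = "SELECT target FROM links WHERE slug = ?"
    return conn.execute(sql.replace("?", quote_literal(slug), 1)).fetchall()

def demo():
    conn = make_db()
    hostile = "x' OR '1'='1"  # constructed input
    return {
        "concat": len(lookup_concat(conn, hostile)),
        "native": len(lookup_native(conn, hostile)),
        "embedded": len(lookup_embedded(conn, hostile)),
        "legit": lookup_native(conn, "py"),
    }

if __name__ == "__main__":
    print(demo())
```

The third strategy, a server-side `PREPARE` followed by `EXECUTE`, is not shown because SQLite has no such SQL statement.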
