Path: csiph.com!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: Niklas Karlsson
Newsgroups: alt.folklore.computers,comp.os.linux.misc
Subject: Re: The joy of FORTRAN
Date: 4 Mar 2025 12:25:54 GMT
Organization: Department of Redundancy Department
Lines: 37
Message-ID:
References: <794451758.762727703.370029.peter_flass-yahoo.com@news.eternal-september.org>
X-Trace: individual.net b3A8pM05CfVez8zH2sDD1wj6e4rN+5CLvFnpSgrEgjO1ub6Kjk
Cancel-Lock: sha1:1jzAT8VdOCH0xddJMjQAVQN35Fk= sha256:SG3EW84CkWNrNSSMzFn5+hSvuaccHFMk97/Xua5uILc=
User-Agent: slrn/1.0.3 (Linux)
Xref: csiph.com alt.folklore.computers:230344 comp.os.linux.misc:66039

On 2025-03-04, The Natural Philosopher wrote:
> On 04/03/2025 06:25, rbowman wrote:
>> On Mon, 3 Mar 2025 23:02:44 -0500, c186282 wrote:
>>
>>> It's easy to kinda drift into that during development, you always
>>> think of ONE more thing you need to pass. However stage two, you put
>>> all that crap in a struct and pass one pointer. Each function can
>>> extract what it needs from that struct and ignore the rest.
>>
>> I never made it to anywhere close to 60 parameters. We did have one
>> utility that took 22 command line parameters but it was never meant to be
>> invoked manually and came with a csh. Even then they all were stuffed into
>> a struct before the real function was called.
>>
>> Even worse, the parameters were field widths in a positional record. I
>> truly hate positional records but the damn things live on.
> len=sprintf(query,"insert into day set
> timestamp='%s',demand='%f',frequency='%f',coal='%f',nuclear='%f',ccgt='%f',ocgt='%f',french_ict='%f',
> irish_ict='%f', dutch_ict='%f', ew_ict= '%f',
> pumped='%f',hydro='%f',wind='%f',oil='%f',other='%f', north_south='%f',
> scotland_england='%f', solar='%f', biomass='%f', nemo='%f',ifa2='%f',
> nsl='%f', intelec_ict='%f',vkl_ict=%f",
> timestr,total,frequency,coal,
> nuclear,ccgt,ocgt,france,ireland,holland,ew,pumped,hydro,wind,oil,other,north_south,scotland_england,
> solar, biomass,nemo,ifa2,nsl,intelec,vkl );

Not a terribly safe way to build a query. Any database API worth its salt
should have a way to build one with placeholders instead, so the parameters
automatically get special characters escaped and are generally safer from
malicious data.

Niklas

-- 
"Johnny come LARTly
 The new BOFH in town
 Everyone fears him
 So don't let them down..."
                       -- Jack Twilley
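To make the placeholder point concrete, here is an added example (not code from either poster) of the same INSERT built both ways. It uses Python's sqlite3 module as a stand-in for the MySQL C API the quoted code calls, keeps only three of the columns, and feeds in constructed inputs: an honest timestamp, one containing an apostrophe, and one crafted to smuggle an extra row through the sprintf-style version. Table and column names other than `day`, `timestamp`, `demand` and `wind` are assumptions.

```python
"""Added example: string-built SQL versus placeholders (sqlite3 in place of MySQL)."""
import sqlite3

# Assumed reduced schema; the quoted code inserts far more columns.
SCHEMA = "create table day (timestamp text, demand real, wind real)"


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    return conn


def insert_unsafe(conn, timestr, demand, wind):
    """sprintf-style: caller-supplied text is pasted straight into the SQL."""
    query = (
        "insert into day (timestamp, demand, wind) values ('%s', %f, %f)"
        % (timestr, demand, wind)
    )
    conn.execute(query)
    conn.commit()
    return query


def insert_safe(conn, timestr, demand, wind):
    """Placeholders: the SQL text is fixed, values travel separately."""
    query = "insert into day (timestamp, demand, wind) values (?, ?, ?)"
    conn.execute(query, (timestr, demand, wind))
    conn.commit()
    return query


def rows(conn):
    return conn.execute(
        "select timestamp, demand, wind from day order by rowid"
    ).fetchall()


# Constructed inputs (not real data).
HONEST = "2025-03-04 12:25:54"
APOSTROPHE = "2025-03-04 O'Brien"  # harmless text that breaks string-built SQL
# Closes the attacker's row, opens a second one; the real values land in it.
PAYLOAD = "2025-03-04', 99999, 0), ('forged"


def demo_unsafe():
    """Returns (rows stored, whether the apostrophe input was accepted)."""
    conn = new_db()
    insert_unsafe(conn, HONEST, 31000.5, 4200.0)
    insert_unsafe(conn, PAYLOAD, 31000.5, 4200.0)  # one call, two rows
    try:
        insert_unsafe(conn, APOSTROPHE, 1.0, 1.0)
        apostrophe_ok = True
    except sqlite3.OperationalError:  # syntax error near "Brien"
        apostrophe_ok = False
    return rows(conn), apostrophe_ok


def demo_safe():
    """Same inputs through placeholders: each call stores exactly one row."""
    conn = new_db()
    insert_safe(conn, HONEST, 31000.5, 4200.0)
    insert_safe(conn, PAYLOAD, 31000.5, 4200.0)  # stored as a literal string
    insert_safe(conn, APOSTROPHE, 1.0, 1.0)
    return rows(conn), True


if __name__ == "__main__":
    for name, demo in (("unsafe", demo_unsafe), ("safe", demo_safe)):
        stored, apostrophe_ok = demo()
        print(name, "rows:", len(stored), "apostrophe accepted:", apostrophe_ok)
        for r in stored:
            print("   ", r)
```

With the sprintf-style builder the crafted `timestr` turns one INSERT into two rows, and an ordinary apostrophe is enough to make the statement fail; with placeholders both strings are stored verbatim and the row count matches the number of calls. In the MySQL C API the quoted code appears to use, the equivalent is mysql_stmt_prepare() with `?` markers followed by mysql_stmt_bind_param() and mysql_stmt_execute().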