docAvid

@docAvid@midwest.social

Not actually a doctor.

docAvid,

But an irreplaceable liability.

docAvid,

Bold of you to assume they were using source control under that manager…

docAvid, (edited)

I mean, that’s just a bad library interface. With a halfway decent interface, you can do something like


    query('insert into foo (status, name) values (:status, :name)', ent)

No orm required. With tagged templates in JS, you can do


    q`insert into foo (status, name) values (${ent.status}, ${ent.name})`

Even wrap it in a function with destructuring to get rid of ent:


    const addFoo = (q, {status, name}) =>
        q`insert into foo (status, name) values (${status}, ${name})`

Typescript can add type safety on top of that, of course. And there’s the option to prepare a query once and execute it multiple times.

Honestly, the idea of manipulating XML queries, if you mean anything more fancy than the equivalent of parameter injection, sounds over-complicated, but I’d love to see a more concrete example of what you mean by that.

docAvid,

Postgres has the having clause. If it didn’t, that wouldn’t work, as you can’t use aggregates in a where. If you have to make do without having, for some reason, you can use a subquery, something like select * from (select someCalculatedValue(someInput) as lol) as stuff where lol > 42, which is very verbose, but doesn’t cause the sync problem.

Also, I don’t think they were saying the capability having gives is bad, but that a new query language should be designed such that you get that capability without it.

docAvid,

I’m not sure how including a final semicolon can protect against an injection attack. In fact, the “Bobby Tables” attack specifically adds in a semicolon, to be able to start a new command. If inputs are sanitized, or much better, passed as parameters rather than string concatenated, you should be fine - nothing can be injected, regardless of the semicolon. If you concatenate untrusted strings straight into your query, an injection can be crafted to take advantage, with or without a semicolon.
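The following is an added example, not code from docAvid or anyone else in the thread. It puts the tagged-template idea from the earlier comment next to the string-concatenation case discussed in this one: `sql` is an assumed tag that turns each interpolation into a Postgres-style `$n` placeholder plus a bound value, `countStatements` is a toy helper (not a real SQL parser) that counts statements by semicolons outside quoted literals, and the "Bobby Tables" name is a constructed input. It shows that concatenation yields two statements with or without a trailing semicolon, while the parameterized form stays one statement and carries the payload as inert data.

```javascript
// Added example (not from the original thread). Names sql, unsafeQuery,
// countStatements and injectionDemo are this example's own, not a library API.

// Tagged template: builds { text, values } with $1, $2, ... placeholders.
// Interpolated values never touch the SQL text, so they cannot change its shape.
function sql(strings, ...values) {
  let text = '';
  strings.forEach((s, i) => {
    text += s;
    if (i < values.length) text += '$' + (i + 1);
  });
  return { text, values };
}

// The wrapper from the thread, with destructuring, over a parameterizing tag.
const addFoo = (q, { status, name }) =>
  q`insert into foo (status, name) values (${status}, ${name})`;

// The unsafe alternative for contrast: untrusted strings concatenated into SQL.
function unsafeQuery(status, name) {
  return `insert into foo (status, name) values ('${status}', '${name}')`;
}

// Toy statement counter: a ';' outside a single-quoted literal ends a statement,
// '' inside a literal is an escaped quote, and '--' starts a comment that runs
// to the end. Enough to show the injection; not a real SQL parser.
function countStatements(text) {
  let count = 0;
  let inQuote = false;
  let sawText = false; // non-whitespace seen since the last statement boundary
  for (let i = 0; i < text.length; i++) {
    const c = text[i];
    if (inQuote) {
      if (c === "'") {
        if (text[i + 1] === "'") i++; // escaped quote, stay inside the literal
        else inQuote = false;
      }
    } else if (c === "'") {
      inQuote = true;
      sawText = true;
    } else if (c === ';') {
      if (sawText) {
        count++;
        sawText = false;
      }
    } else if (c === '-' && text[i + 1] === '-') {
      break; // rest of the string is a comment
    } else if (!/\s/.test(c)) {
      sawText = true;
    }
  }
  return sawText ? count + 1 : count;
}

// Constructed input in the style of the "Bobby Tables" payload.
const BOBBY = "Robert'); drop table students;--";

// Runs both forms against the payload and returns the results for inspection.
function injectionDemo() {
  const unsafe = unsafeQuery('active', BOBBY);
  const unsafeWithSemicolon = unsafe + ';'; // a trailing ';' changes nothing
  const safe = addFoo(sql, { status: 'active', name: BOBBY });
  return {
    unsafe,
    unsafeStatements: countStatements(unsafe),
    unsafeWithSemicolonStatements: countStatements(unsafeWithSemicolon),
    safe,
    safeStatements: countStatements(safe.text),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(injectionDemo(), null, 2));
}
```

The parameterized `text` is constant for every input, which is also what lets a driver prepare it once and execute it many times with different `values`.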

docAvid,

Cut to Mrs Claus baking a spice cake:

She’s all alone, all alone, in her time of spice

docAvid,

But it’s a categorical error. The analogy is about “git”, not “git repositories” or “DVCS repositories”.

docAvid,

This has some real “crimson eleven delight petrichor” vibes.

docAvid,

And it has a whole set of options based on common ls options. Classic and brilliant.

docAvid,

Weird. Booleanish isn’t a built-in, I’m pretty sure. I’d like to see the definition.
