From mboxrd@z Thu Jan  1 00:00:00 1970
Path: news.gmane.io!.POSTED.blaine.gmane.org!not-for-mail
From: Tomas Hlavaty <tom@logand.com>
Newsgroups: gmane.emacs.devel
Subject: Re: [NonGNU ELPA] New package: sqlite3
Date: Tue, 21 Mar 2023 21:36:47 +0100
Message-ID: <874jqddeow.fsf@logand.com>
References: <87cz5o6csk.fsf@bernoul.li> <87mt4swxsw.fsf@posteo.net>
 <875ybd7mbh.fsf@bernoul.li> <87y1nzb95o.fsf@posteo.net>
 <ZBlT640a+QaOyUMF@protected.localdomain>
Mime-Version: 1.0
Content-Type: text/plain
Injection-Info: ciao.gmane.io; posting-host="blaine.gmane.org:116.202.254.214";
	logging-data="33962"; mail-complaints-to="usenet@ciao.gmane.io"
Cc: Jonas Bernoulli <jonas@bernoul.li>, emacs-devel@gnu.org
To: Jean Louis <bugs@gnu.support>,
	Philip Kaludercic <philipk@posteo.net>
Original-X-From: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org Tue Mar 21 21:37:48 2023
Return-path: <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>
Envelope-to: ged-emacs-devel@m.gmane-mx.org
Original-Received: from lists.gnu.org ([209.51.188.17])
	by ciao.gmane.io with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
	(Exim 4.92)
	(envelope-from <emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org>)
	id 1peijs-0008eO-4D
	for ged-emacs-devel@m.gmane-mx.org; Tue, 21 Mar 2023 21:37:48 +0100
Original-Received: from localhost ([::1] helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <emacs-devel-bounces@gnu.org>)
	id 1peijA-0003wE-7E; Tue, 21 Mar 2023 16:37:04 -0400
Original-Received: from eggs.gnu.org ([2001:470:142:3::10])
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <tom@logand.com>) id 1peij8-0003vU-2g
 for emacs-devel@gnu.org; Tue, 21 Mar 2023 16:37:02 -0400
Original-Received: from logand.com ([37.48.87.44])
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <tom@logand.com>) id 1peij6-0002Ae-OH
 for emacs-devel@gnu.org; Tue, 21 Mar 2023 16:37:01 -0400
Original-Received: by logand.com (Postfix, from userid 1001)
 id C3AF619E638; Tue, 21 Mar 2023 21:36:48 +0100 (CET)
X-Mailer: emacs 28.1 (via feedmail 11-beta-1 I)
In-Reply-To: <ZBlT640a+QaOyUMF@protected.localdomain>
Received-SPF: pass client-ip=37.48.87.44; envelope-from=tom@logand.com;
 helo=logand.com
X-Spam_score_int: -18
X-Spam_score: -1.9
X-Spam_bar: -
X-Spam_report: (-1.9 / 5.0 requ) BAYES_00=-1.9, SPF_HELO_PASS=-0.001,
 SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: emacs-devel@gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Emacs development discussions." <emacs-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/emacs-devel>
List-Post: <mailto:emacs-devel@gnu.org>
List-Help: <mailto:emacs-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/emacs-devel>,
 <mailto:emacs-devel-request@gnu.org?subject=subscribe>
Errors-To: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Original-Sender: emacs-devel-bounces+ged-emacs-devel=m.gmane-mx.org@gnu.org
Xref: news.gmane.io gmane.emacs.devel:304683
Archived-At: <http://permalink.gmane.org/gmane.emacs.devel/304683>

On Tue 21 Mar 2023 at 09:51, Jean Louis <bugs@gnu.support> wrote:
> While such packages exists, for me I do not find them usable as then I
> have to forget about the SQL and learn about the new Emacs Lisp
> structure that is to correspond to SQL. I see personally no benefit in
> that.
[...]
> (sql (format "SELECT DISTINCT ON (people_id) 
        ^
        sql injection danger right there

Using strings is a bad idea.  You have to manually ensure every such use
is properly escaped.  If you used sexp and let elisp do the conversion,
every such usage could be automatically properly escaped.

Also using sexp does not mean you cannot use plain sql:

   (sql `(SELECT DISTINCT ON (people_id)