From: Tomas Hlavaty
Newsgroups: gmane.emacs.devel
Subject: Re: [NonGNU ELPA] New package: sqlite3
Date: Tue, 21 Mar 2023 21:36:47 +0100
Message-ID: <874jqddeow.fsf@logand.com>
References: <87cz5o6csk.fsf@bernoul.li> <87mt4swxsw.fsf@posteo.net> <875ybd7mbh.fsf@bernoul.li> <87y1nzb95o.fsf@posteo.net>
To: Jean Louis, Philip Kaludercic
Cc: Jonas Bernoulli, emacs-devel@gnu.org

On Tue 21 Mar 2023 at 09:51, Jean Louis wrote:
> While such packages exist, for me I do not find them usable as then I
> have to forget about the SQL and learn about the new Emacs Lisp
> structure that is to correspond to SQL. I see personally no benefit in
> that.
[...]
> (sql (format "SELECT DISTINCT ON (people_id)
        ^ sql injection danger right there

Using strings is a bad idea.  You have to manually ensure every such use
is properly escaped.  If you used sexp and let elisp do the conversion,
every such usage could be automatically properly escaped.

Also using sexp does not mean you cannot use plain sql:

(sql `(SELECT DISTINCT ON (people_id)
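
Added example, not part of the original message and not code from the sqlite3 package or from anyone in the thread: a minimal sketch of the difference between building a query with `format` and letting Emacs Lisp convert a sexp, so that every string value is escaped in one place. The helpers `demo-sql-quote` and `demo-sql`, the table `people`, the column `people_name` and the input value are all assumptions made for illustration.

```elisp
;; Hypothetical helpers for illustration only.

(defun demo-sql-quote (string)
  "Return STRING as a SQL string literal, doubling embedded single quotes.
Assumes standard SQL literals, where backslash is not an escape character."
  (concat "'" (replace-regexp-in-string "'" "''" string t t) "'"))

(defun demo-sql (form)
  "Render the sexp FORM as SQL text.
Symbols are emitted verbatim: they are written by the programmer in the
query template, so they are trusted.  Strings and numbers are data and
are always emitted as literals.  A nested list becomes a parenthesised,
comma-separated group."
  (mapconcat
   (lambda (x)
     (cond ((null x) "NULL")
           ((stringp x) (demo-sql-quote x))
           ((numberp x) (number-to-string x))
           ((symbolp x) (symbol-name x))
           ((consp x)
            (concat "("
                    (mapconcat (lambda (y) (demo-sql (list y))) x ", ")
                    ")"))
           (t (error "Unsupported SQL form: %S" x))))
   form " "))

;; Constructed input, standing in for a value typed by a user.
(let ((name "O'Brien' OR '1'='1"))
  (list
   ;; String building: the quote inside NAME closes the literal early,
   ;; and the rest of the input is parsed as SQL.
   (format "SELECT DISTINCT ON (people_id) people_id FROM people WHERE people_name = '%s'"
           name)
   ;; Sexp building: NAME arrives as a Lisp string, so the converter
   ;; quotes it no matter what it contains.
   (demo-sql `(SELECT DISTINCT ON (people_id) people_id
                      FROM people WHERE people_name = ,name))))
```

Evaluating the last form returns both query strings for comparison. Where the database binding supports bound parameters, passing values separately from the SQL text avoids escaping altogether.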