On Mon, Jun 21, 2021 at 11:36:25PM +0300, Jean Louis wrote:
> * tomas@tuxteam.de [2021-06-21 17:12]:
> > But you still see extremely bad habits "out there" which wouldn't be
> > necessary these days -- because, well, they are "out there" (for
> > example: assembling SQL queries with sprintf [1]). They take a life
> > of their own :-)
> >
> > Cheers
> > [1] https://xkcd.com/327/
>
> Your small reference is definitely a possible danger if SQL input is
> anyhow exposed [...]

My hint was rather a metaphor: using string operations on things that
aren't really strings (in the original case: file system paths) can
lead to surprising results.

> the danger mentioned on the funny comic is practically non-existent as
> it will never take place on my side [...]

But your side is not "the world", and therefore Eli's warning was
spot-on. Someone will browse the mail archives and copy your solution
without knowing the dangers.

> I am a heavy user of the Emacs package: emacs-libpq @ Github
> https://github.com/anse1/emacs-libpq

No idea and no bandwidth to read it all. If you are tied to PostgreSQL
(a good choice, I'd say), consider using prepared queries: they do what
client-side template expansion does (even the careful kind, with
unescaping and all), and I'd expect them to do it much better, since
PostgreSQL knows its own syntax best.

Cheers
- t
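An added illustration of the point made in this exchange, not code from the list, from emacs-libpq or from PostgreSQL: the same lookup written the sprintf way and with a bound parameter, run on the same inputs. SQLite from Python's standard library stands in for PostgreSQL so it runs offline (an assumption of this example; libpq's own placeholder syntax is `$1`, and the sample table and rows are constructed here).

```python
import sqlite3

# Constructed sample data; SQLite stands in for PostgreSQL so this runs offline.
ROWS = [("alice", "alice@example.org"),
        ("bob", "bob@example.org"),
        ("o'hara", "ohara@example.org")]


def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, email TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", ROWS)
    return con


def lookup_sprintf(con, name):
    # The sprintf habit: the value is pasted into the SQL text, so the
    # parser treats it as grammar, not as data. An ordinary apostrophe is
    # enough to break it; no attacker is needed for "surprising results".
    sql = "SELECT email FROM users WHERE name = '%s'" % name
    return [row[0] for row in con.execute(sql)]


def lookup_prepared(con, name):
    # Prepared/parameterised query: statement shape and value travel
    # separately, and the driver never has to escape anything.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in con.execute(sql, (name,))]


def compare(name):
    """Run both styles on one input and return (sprintf_result, prepared_result).
    A sprintf query that fails to parse is reported as the exception class name."""
    con = make_db()
    try:
        unsafe = lookup_sprintf(con, name)
    except sqlite3.Error as exc:
        unsafe = type(exc).__name__
    return unsafe, lookup_prepared(con, name)


if __name__ == "__main__":
    for probe in ("bob", "o'hara", "x' OR 'a'='a"):
        print(repr(probe), "->", compare(probe))
```

The second probe is the everyday case the thread is really about: a legitimate name containing a quote makes the pasted-together query fail, while the bound parameter finds the row.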