[Caml-list] Printf question
Date: -- (:)
From: Richard Jones <rich@a...>
Subject: Re: [Caml-list] Printf question
On Mon, Sep 29, 2003 at 06:42:09PM +0200, Pierre Weis wrote:
> I'm pretty sure that format string constants are typechecked
> statically with the usual typechecker resolution mechanism (a bit more
> complex, but no more magic than the typechecking of the -> type
> constructor).
> 
> So why not use format values directly?
> 
> For instance:
> 
> # let prepare fmt = Printf.printf fmt;;
> val prepare : ('a, out_channel, unit) format -> 'a = <fun>
> 
> # let sth x =
>     prepare "select salary from emp where id = %d and name = %s" x;;
> val sth : int -> string -> unit = <fun>
> 
> # sth 1 "Jones"
> select salary from emp where id = 1 and name = Jones- : unit = ()
> 
> This is fully statically typechecked as required.
> 
> Or maybe I'm missing something?

I guess the problem is that I want my own interpretation for
%s. It has to do SQL-quoting, otherwise you could write:

# sth 1 "'Jones'; drop database 'company'";; 
select salary from emp where id = 1 and name = 'Jones'; drop database 'company'- : unit = ()

(Or worse ...?)

Rich.

-- 
Richard Jones. http://www.annexia.org/ http://freshmeat.net/users/rwmj
Merjis Ltd. http://www.merjis.com/ - all your business data are belong to you.
NET::FTPSERVER is a full-featured, secure, configurable, database-backed
FTP server written in Perl: http://www.annexia.org/freeware/netftpserver/
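
An added example, not part of the original message or of either poster's code: one way to give a string argument its own SQL-quoting interpretation while keeping the static typecheck is the standard `%a` conversion, which takes a user-supplied printer. The names `sql_quote` and `sth` as defined here are illustrative, and the quoting rule assumes a database where only `'` needs doubling inside a string literal; bound parameters in the database driver avoid the quoting question entirely.

```ocaml
(* Added example. sql_quote is a hypothetical helper, not a library function. *)

(* Render a string as a SQL string literal: wrap it in single quotes and
   double every embedded single quote. Assumption: the target database does
   not treat backslash as an escape character inside string literals. *)
let sql_quote () (s : string) : string =
  let buf = Buffer.create (String.length s + 2) in
  Buffer.add_char buf '\'';
  String.iter
    (fun c ->
      if c = '\'' then Buffer.add_string buf "''"
      else Buffer.add_char buf c)
    s;
  Buffer.add_char buf '\'';
  Buffer.contents buf

(* With Printf.sprintf, %a consumes two arguments: a printer of type
   unit -> 'b -> string, then the value. The typechecker still infers
   sth : int -> string -> string from the format constant. *)
let sth (id : int) (name : string) : string =
  Printf.sprintf "select salary from emp where id = %d and name = %a"
    id sql_quote name

let () =
  (* Ordinary value. *)
  print_endline (sth 1 "Jones");
  (* The hostile value from the message above: it stays inside one
     string literal because its quotes are doubled. *)
  print_endline (sth 1 "'Jones'; drop database 'company'")
```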
