From: The Natural Philosopher <tnp@invalid.invalid>
Newsgroups: alt.folklore.computers,comp.os.linux.misc
Subject: Re: The joy of FORTRAN
Date: Wed, 5 Mar 2025 01:26:08 +0000
Organization: A little, after lunch
Message-ID: <vq897h$241b2$10@dont-email.me>

On 04/03/2025 14:53, Niklas Karlsson wrote:
> On 2025-03-04, The Natural Philosopher <tnp@invalid.invalid> wrote:
>> On 04/03/2025 12:25, Niklas Karlsson wrote:
>>> On 2025-03-04, The Natural Philosopher <tnp@invalid.invalid> wrote:
>>>> On 04/03/2025 06:25, rbowman wrote:
>>>>> On Mon, 3 Mar 2025 23:02:44 -0500, c186282 wrote:
>>>>>
>>>>>> It's easy to kinda drift into that during development, you always
>>>>>> think of ONE more thing you need to pass. However stage two, you put
>>>>>> all that crap in a struct and pass one pointer. Each function can
>>>>>> extract what it needs from that struct and ignore the rest.
>>>>>
>>>>> I never made it to anywhere close to 60 parameters. We did have one
>>>>> utility that took 22 command line parameters but it was never meant to be
>>>>> invoked manually and came with a csh. Even then they all were stuffed into
>>>>> a struct before the real function was called.
>>>>>
>>>>> Even worse, the parameters were field widths in a positional record. I
>>>>> truly hate positional records but the damn things live on.
>>>> len=sprintf(query,"insert into day set
>>>> timestamp='%s',demand='%f',frequency='%f',coal='%f',nuclear='%f',ccgt='%f',ocgt='%f',french_ict='%f',
>>>> irish_ict='%f', dutch_ict='%f', ew_ict= '%f',
>>>> pumped='%f',hydro='%f',wind='%f',oil='%f',other='%f', north_south='%f',
>>>> scotland_england='%f', solar='%f', biomass='%f', nemo='%f',ifa2='%f',
>>>> nsl='%f', intelec_ict='%f',vkl_ict=%f",
>>>> timestr,total,frequency,coal,
>>>> nuclear,ccgt,ocgt,france,ireland,holland,ew,pumped,hydro,wind,oil,other,north_south,scotland_england,
>>>> solar, biomass,nemo,ifa2,nsl,intelec,vkl );
>>>
>>> Not a terribly safe way to build a query. Any database API worth its
>>> salt should have a way to build one with placeholders instead, so the
>>> parameters automatically get special characters escaped and are
>>> generally safer from malicious data.
>>>
>> Silly boy. The data is precisely known, and it is all floating point
>> numbers.
>
> I see a %s in there, and you are far too trusting. It's not like making
> a placeholder call is any more difficult anyhow.
>

The %s is a time string. Utterly predictable in format and not
accessible publicly.

    time_t t1;
    char timestr[256];
    int len;
    t1=time(NULL); // get current time.
    strftime(timestr,254,"%Y-%m-%d %H:%M:%S",gmtime(&t1)); // into SQL format..

Have you ever done any real life coding, or are you just a computer
scientist?

> Niklas

--
The lifetime of any political organisation is about three years before
it's been subverted by the people it tried to warn you about.

Anon.
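
An added example, not code from the thread: a bounded variant of the formatting shown in the post, cut down to three of its columns, that checks the timestamp, rejects non-finite values and detects truncation. The names `build_day_insert` and `f_width` and the buffer sizes are assumptions made for illustration; it hardens the string-building approach and is not the placeholder API mentioned in the quoted reply.

```c
#include <math.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper (not from the post). Builds a three-column version of
 * the post's INSERT. Returns the query length, or -1 if the timestamp did
 * not format, a value is not finite, or the text would not fit in cap. */
int build_day_insert(char *query, size_t cap, time_t t,
                     double demand, double frequency, double coal)
{
    char timestr[32];
    struct tm *tm = gmtime(&t);

    /* strftime returns 0 when its output does not fit the buffer. */
    if (tm == NULL ||
        strftime(timestr, sizeof timestr, "%Y-%m-%d %H:%M:%S", tm) == 0)
        return -1;

    /* "%f" prints "nan" or "inf" for non-finite doubles; keep them out
     * of the SQL text. */
    if (!isfinite(demand) || !isfinite(frequency) || !isfinite(coal))
        return -1;

    /* snprintf never writes past cap and returns the length it needed,
     * so a result >= cap means the query was truncated. */
    int len = snprintf(query, cap,
        "insert into day set timestamp='%s',demand='%f',"
        "frequency='%f',coal='%f'",
        timestr, demand, frequency, coal);
    if (len < 0 || (size_t)len >= cap)
        return -1;
    return len;
}

/* Characters "%f" needs for one value, measured without writing. */
int f_width(double v)
{
    return snprintf(NULL, 0, "%f", v);
}
```

A single finite double can need hundreds of characters under `%f`, so the size of `query` matters as much as the content of the values.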