Mike Meyer wrote:
> On Mon, 13 Aug 2007 19:11:15 -0500 Carl Karsten <carl personnelware.com> wrote:
>> Mike Meyer wrote:
>>> While I think your order is a little exaggerated, I'll merely point
>>> out that it's a common thing to see when you're writing code that
>>> writes code. SQL pretty much sucks for this, but Python isn't too bad -
>>> and it's one of the most powerful programming techniques available - I
>>> seem to use it in every other application. So I'd expect it to become
>>> more common, not less.
>> about a million to one seems realistic to me.
>
> In my experience, it's more like every other application that needs
> this.
>
>> How often does an identifier come from an untrusted source?
>
> Um, how about in every web-based app that has a real search facility?
> One that lets the user specify which column(s) they want to check, or
> that can search multiple tables? I seem to be involved in working on
> one of those every few years: an SGML document search engine, a user
> database search engine, a webmail client, a workflow management
> system, and a software change tracking system are what I can recall
> now.
hmm, I think I see it. Even if you provide a list of valid identifiers to the
browser, there is nothing to prevent that being replaced.

Got the URL of one of these so I can examine it?

Carl K
_______________________________________________
DB-SIG maillist - DB-SIG python.org
http://mail.python.org/mailman/listinfo/db-sig
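The point Carl arrives at above (a list of valid column names handed to the browser can be replaced in the request, so the identifier still arrives untrusted) is illustrated below with an added example that is not part of the thread and is not code from any of the search engines Mike mentions. It assumes a constructed SQLite `users` table and a hypothetical server-side allowlist `SEARCHABLE`; the naive search splices the requested table and column straight into the SQL, the checked one validates both against the server's own copy of the allowlist and quotes them, while the search term itself travels as a DB-API bound parameter in both.

```python
import sqlite3

# Constructed schema and rows for this example; the real search engines
# discussed in the thread are not available to test against.
SCHEMA = """
CREATE TABLE users (
    id INTEGER PRIMARY KEY,
    name TEXT,
    email TEXT,
    password_hash TEXT
);
INSERT INTO users VALUES (1, 'alice', 'alice@example.org', 'hash-a');
INSERT INTO users VALUES (2, 'bob',   'bob@example.org',   'hash-b');
"""

# The server's own allowlist of searchable columns per table (an assumed
# layout).  The same list may be sent to the browser to build a dropdown,
# but every request is checked against this copy, never the client's.
SEARCHABLE = {
    "users": {"name", "email"},
}


def open_db():
    """Open an in-memory SQLite database loaded with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def search_naive(conn, table, column, term):
    """Vulnerable: identifiers are spliced in exactly as the request sent them.

    The bound parameter protects the value (the LIKE pattern) but a table or
    column name cannot be bound, so the identifiers reach the SQL text unchecked.
    """
    sql = "SELECT id, name FROM %s WHERE %s LIKE ? ORDER BY id" % (table, column)
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


def is_searchable(table, column):
    """True only if the server's own allowlist names this table and column."""
    return column in SEARCHABLE.get(table, ())


def quote_ident(name):
    """Quote an identifier for SQLite (standard double-quote style)."""
    return '"' + name.replace('"', '""') + '"'


def search_checked(conn, table, column, term):
    """Hardened: identifiers must pass the server-side allowlist, then are
    quoted; the search term still travels as a bound parameter."""
    if not is_searchable(table, column):
        raise ValueError("not searchable: %s.%s" % (table, column))
    sql = "SELECT id, name FROM %s WHERE %s LIKE ? ORDER BY id" % (
        quote_ident(table), quote_ident(column))
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


if __name__ == "__main__":
    conn = open_db()
    # Legitimate search through either path.
    print(search_naive(conn, "users", "name", "ali"))
    # A forged request: a column the page never offered becomes searchable,
    # which turns LIKE into an oracle for extracting it a character at a time.
    print(search_naive(conn, "users", "password_hash", "hash-a"))
    # A forged request that rewrites the WHERE clause entirely.
    print(search_naive(conn, "users", "name LIKE '' OR 1=1 OR name", "nomatch"))
    # The checked path rejects both forgeries before any SQL is built.
    for column in ("password_hash", "name LIKE '' OR 1=1 OR name"):
        try:
            search_checked(conn, "users", column, "x")
        except ValueError as exc:
            print("rejected:", exc)
```

The allowlist check is what matters; quoting the identifier afterwards is a second layer in case a legitimate column name ever contains an odd character. Wildcards in the term (`%`, `_`) are a separate, non-security concern handled with a LIKE `ESCAPE` clause if exact matching is needed.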