From: "Dmitry A. Kazakov"
Subject: Re: How do I write directly to a memory address?
Newsgroups: comp.lang.ada
Date: Thu, 3 Mar 2011 09:14:43 +0100
Message-ID: <1omdab8zthd4i.cmec2vp5lxyv.dlg@40tude.net>

On Wed, 02 Mar 2011 17:10:38 -0500, Hyman Rosen wrote:

> On 3/2/2011 4:55 PM, Dmitry A. Kazakov wrote:
>> Yes, if Ada were such a pitiful language as SQL is
>
> No. if Ada were used as a dynamic query language as SQL is.

And it is luckily not.

> The only reason quote injection bugs don't occur in dynamic
> Ada code is that there's no such thing as dynamic Ada code.

Yes, there is no unsafe untyped code in Ada, unless when communicating with alien components.

> What same thing? DB client/drivers do not have SQL interpreters.
> What are you talking about?

About the way the driver treats bound parameters of pre-compiled statements. It may well expand "?" with literals, instead of passing the parameter over the socket, which BTW also requires some encoding.

>> Prepared statements are interpreted at run time. There is no way to check
>> them and their parameters statically. Preparing does nothing more than a
>> very superficial pre-compilation.
>
> Check their parameters for what?

For type errors, which includes improper representation of type value.

> What are you talking about? What does
> this have to do with erroneously tacking quotes around a string?

If string were passed to the driver as a string no such error could happen. The problem was in improperly done untyped conversion required by the driver's interface.

-- 
Regards,
Dmitry A. Kazakov
http://www.dmitry-kazakov.de
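The distinction drawn in the message above, between a driver that expands "?" into literal text and one that receives the value as a typed parameter, shown as an added example (not code from the thread). `expand_naive` and `expand_typed` are hypothetical stand-ins for a client-side driver, Python's `sqlite3` stands in for native parameter binding, and the table rows and input values are constructed.

```python
import sqlite3

QUERY = "SELECT name FROM users WHERE name = ?"

def expand_naive(sql, params):
    """Hypothetical driver: untyped conversion, just tacks quotes around each value."""
    for p in params:
        sql = sql.replace("?", "'" + str(p) + "'", 1)
    return sql

def expand_typed(sql, params):
    """Hypothetical driver: same expansion, but each value is encoded by its type."""
    out, it = [], iter(params)
    for ch in sql:  # assumes the statement text has no '?' inside its own literals
        if ch != "?":
            out.append(ch)
            continue
        p = next(it)
        if isinstance(p, bool) or not isinstance(p, (int, str)):
            raise TypeError(f"unsupported parameter type: {type(p).__name__}")
        # Integers become numeric literals; strings get their quotes doubled.
        out.append(str(p) if isinstance(p, int) else "'" + p.replace("'", "''") + "'")
    return "".join(out)

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("O'Brien", "admin"), ("alice", "user")])  # constructed rows
    return db

def lookup(db, value, mode):
    """Return matching names, or the error text if the statement fails to parse."""
    try:
        if mode == "bound":
            rows = db.execute(QUERY, (value,))  # value is never part of the SQL text
        elif mode == "typed":
            rows = db.execute(expand_typed(QUERY, (value,)))
        else:
            rows = db.execute(expand_naive(QUERY, (value,)))
        return sorted(r[0] for r in rows)
    except sqlite3.OperationalError as exc:
        return f"error: {exc}"

if __name__ == "__main__":
    db = make_db()
    for value in ("O'Brien", "x' OR 'a'='a"):  # constructed inputs
        for mode in ("naive", "typed", "bound"):
            print(f"{mode:5} {value!r:16} -> {lookup(db, value, mode)}")
```

With the naive expansion, a legitimate name containing an apostrophe fails to parse and a value carrying its own quote changes which rows match; the typed expansion and the bound parameter both treat the value as one string.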