From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on polar.synack.me X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,FREEMAIL_FROM autolearn=ham autolearn_force=no version=3.4.4 X-Google-Thread: 103376,c9d5fc258548b22a X-Google-NewGroupId: yes X-Google-Attributes: gida07f3367d7,domainid0,public,usenet X-Google-Language: ENGLISH,ASCII-7-bit Path: g2news1.google.com!news1.google.com!npeer02.iad.highwinds-media.com!news.highwinds-media.com!feed-me.highwinds-media.com!news.glorb.com!news2.glorb.com!news.glorb.com!transit3.readnews.com!news-out.readnews.com!postnews3.readnews.com!postbox2.readnews.com!not-for-mail Date: Wed, 02 Mar 2011 17:10:38 -0500 From: Hyman Rosen User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.14) Gecko/20110221 Thunderbird/3.1.8 MIME-Version: 1.0 Newsgroups: comp.lang.ada Subject: Re: How do I write directly to a memory address? References: <67063a5b-f588-45ea-bf22-ca4ba0196ee6@l11g2000yqb.googlegroups.com> <31c357bd-c8dc-4583-a454-86d9c579e5f4@m13g2000yqb.googlegroups.com> <05a3673e-fb97-449c-94ed-1139eb085c32@x1g2000yqb.googlegroups.com> <4d4c232a$0$28967$882e7ee2@usenet-news.net> <4D4D6506.50909@obry.net> <4d50095f$0$22393$882e7ee2@usenet-news.net> <4d6d56c4$0$11509$882e7ee2@usenet-news.net> <16u9ka51wbukr$.1fj2sb73j9rv6.dlg@40tude.net> <4d6d627b$0$11509$882e7ee2@usenet-news.net> <29c4lixc0ght$.14kkfz1kij135.dlg@40tude.net> <4d6d6afb$0$11509$882e7ee2@usenet-news.net> <1gz9984wwizn5.r619fw4z9o56.dlg@40tude.net> <4d6e5614$0$21954$882e7ee2@usenet-news.net> <4d6e64f5$0$21954$882e7ee2@usenet-news.net> <4d6e811b$0$21956$882e7ee2@usenet-news.net> <1bnko88u7cfiu$.1p6595qf6pjfn$.dlg@40tude.net> <4d6e8ca5$0$17939$a8266bb1@postbox2.readnews.com> In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Message-ID: <4d6ec060$0$17961$a8266bb1@postbox2.readnews.com> NNTP-Posting-Host: 198.186.190.52 X-Trace: 1299103840 postbox2.readnews.com 17961 198.186.190.52:41369 Xref: g2news1.google.com comp.lang.ada:17746 Date: 2011-03-02T17:10:38-05:00 List-Id: On 3/2/2011 4:55 PM, Dmitry A. Kazakov wrote: > Yes, if Ada were such a pitiful language as SQL is No. if Ada were used as a dynamic query language as SQL is. The only reason quote injection bugs don't occur in dynamic Ada code is that there's no such thing as dynamic Ada code. > Prepared statements and bound parameters is not a part of SQL. That's false. Many SQL-statements can be written to use "parameters" (which are manifested in static execution of SQL-statements as in s contained in s in s or as s in s contained in s). In SQL-statements that are executed dynamically, the parameters are called dynamic parameters (s) and are represented in SQL language by a (?). > In any case there is no warranty that the driver does not do the same > thing for bound parameters. It depends on the SQL interpreter of the > DB client/driver. What same thing? DB client/drivers do not have SQL interpreters. What are you talking about? > Prepared statements are interpreted at run time. There is no way to check > them and their parameters statically. Preparing does nothing more than a > very superficial pre-compilation. Check their parameters for what? What are you talking about? What does this have to do with erroneously tacking quotes around a string?