freenode/lisp - IRC Chatlog
16:37:37
raeda
As in code coverage? The cookbook might have what you're looking for https://lispcookbook.github.io/cl-cookbook/testing.html#code-coverage
16:58:30
phoe
shka_: a method? sounds like a job for a toplevel :AROUND, as long as your code does not use that internally
17:00:07
kagevf
CL-ASHOK did you try looking at this? https://marijnhaverbeke.nl/postmodern/postmodern.html
17:02:10
CL-ASHOK
kagevf I did, but it's hard to follow "This is the macro-style variant of prepare. It is like prepare, but gives the function a name which now becomes a top-level function for the prepared statement. The name should not a string but may be quoted."
17:03:26
CL-ASHOK
Does something like this: (doquery (:select 'x 'y :from 'some-imaginary-table) (x y)
17:03:37
kagevf
CL-ASHOK: there are a few examples using the argument placeholders like $1 ... maybe enough to figure out how to apply to your code ...
17:04:36
kagevf
CL-ASHOK: that doquery in your example you just wrote doesn't have any parameters, so no danger of sql injection there
17:05:50
kagevf
also, in that document try searching for "$1" to see all the examples where it uses argument placeholders to get more ideas
17:08:34
kagevf
anyway .... try and test it first before thanking me ... I've never used postmodern, but that's how it works with other sql libs
17:10:29
kagevf
to test it, you can try injecting commands to make sure like making body be set to "'some text'); select 'test' --" (maybe get a better example online, but that's the basic idea)
17:36:34
CL-ASHOK
@kagevf - working now:) Ended up with this: (postmodern:query "SELECT * from function_table where fid = $1;" fid)
18:57:38
edgar-rft
lotuseater: depends on how complex the GUI is, for simple GUIs up to semi-complex it's pretty easy to use
19:00:46
edgar-rft
The main performance bottleneck is the stream between CL and Tk, if you need to transfer lots of data back and forth between CL and Tk the GUI becomes rather sluggish, but I think that's the case with *all* GUIs
19:05:50
lotuseater
edgar-rft: a friend of mine asked me to write him a simple gui with some data handling for his work that should run on windows
21:26:17
Lycurgus
is the notion of controlled natural language as a programming language also unacceptable?
21:26:33
jcowan
Functions that correctly convert a native string to a properly quoted and escaped SQL string prevent SQL injection attacks, and with (concatenate "SELECT" (column-names c1 c2 c3) "FROM" (table-names t1 t2)) you can execute a dynamic query safely.
21:27:45
jcowan
so column-names and table-names quote names correctly (double quotes), add commas between arguments, etc.
21:27:54
Lycurgus
you know in these times it's generally all dynamic queries. I doubt the random programmer even knows the distinction between static and dynamic sql
21:28:24
jcowan
By dynamic I mean you can dynamically choose the tables to query and the results to return.