Why Is Escaping Data Considered So Magical?
in [Python]
|
Prev: GDAL-1.7.1 : vcvarsall.bat missing
Next: improving python performance by extension module (64bit)
From: Lawrence D'Oliveiro on 3 Jul 2010 21:25 In message <mailman.2121.1277522302.32709.python-list(a)python.org>, Robert Kern wrote: > On 2010-06-25 19:47 , Lawrence D'Oliveiro wrote: > >> In message<mailman.2046.1277445301.32709.python-list(a)python.org>, Cameron >> Simpson wrote: >> >>> On 25Jun2010 15:38, Lawrence >>> D'Oliveiro <ldo(a)geek-central.gen.new_zealand> wrote: >>> >>> | In message<2010062422432660794-angrybaldguy(a)gmailcom>, Owen Jacobson >>> | wrote: >>> >>> |> Why would I write this when SQLAlchemy, even without using its ORM >>> |> features, can do it for me? >>> | >>> | SQLAlchemy doesn't seem very flexible. Looking at the code examples >>> |<http://www.sqlalchemy.org/docs/examples.html>, they're very >>> |procedural: build object, then do a string of separate method calls to >>> |add data to it. I prefer the functional approach, as in my table-update >>> |example. >>> >>> He said "without using its ORM". >> >> I noticed that. So were those examples I referenced above “using its >> ORM”? Can you offer better examples “without using its ORM”? > > http://www.sqlalchemy.org/docs/sqlexpression.html Still full of very repetitive boilerplate. Doesn't look like it can create a simpler alternative to my example at all.
From: Lawrence D'Oliveiro on 3 Jul 2010 21:28
In message <mailman.2128.1277537954.32709.python-list(a)python.org>, Robert Kern wrote: > On 2010-06-25 19:49 , Lawrence D'Oliveiro wrote: > >> Why do people consider input sanitization so hard? > > It's not hard per se; it's just repetitive, prone to the occasional > mistake, and, frankly, really boring. But as a programmer, I'm not in the habit of doing “repetitive” and “boring”. Look at the example I posted, and you'll see. It's the ones trying to come up with alternatives to my code who produce things that look “reptitive” and “boring”. |