[plt-scheme] Why do folks implement statically typed languages?
There is a standard technique the MLers use for this; they encapsulate
the SQL command in an abstract type and only allow operations that
make sense for constructing the values. Of course, if you are getting
the SQL from a web page, you have to still be a little bit careful on
how you call the parser, but probably you can get some leverage out of the
data abstraction.
Robby
On 5/31/07, Noel Welsh <noelwelsh at gmail.com> wrote:
> On 5/31/07, Richard Cobbe <cobbe at ccs.neu.edu> wrote:
> > Are there static type systems that can protect against, e.g., SQL
> > injection?
>
> Not that I know of. However you could define your SQL library using,
> say, a 'validated' type instead of strings and then your type system
> will prevent you from using strings that haven't been validated. Of
> course you can do this with dynamic checks as well, with the usual
> tradeoffs.
>
> Joel on Software has a post justifying the use of Hungarian notation
> to implement a poor man's type system for a similar use.
>
> N.
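
The abstract-type technique discussed in this thread, sketched in Rust as an added example that is not code from any of the posters. The `sql` module, `Ident` and `Query` are hypothetical names, and the `$1` placeholder style is an assumption about the target database.

```rust
// Added example: sql, Ident and Query are hypothetical names, not a real library.
mod sql {
    /// A table or column name that has passed validation (the "validated" type).
    #[derive(Debug, Clone)]
    pub struct Ident(String); // private field: only Ident::parse can build one
    impl Ident {
        pub fn parse(raw: &str) -> Option<Ident> {
            let mut chars = raw.chars();
            let first_ok = matches!(chars.next(), Some(c) if c.is_ascii_alphabetic() || c == '_');
            if first_ok && chars.all(|c| c.is_ascii_alphanumeric() || c == '_') {
                Some(Ident(raw.to_string()))
            } else {
                None
            }
        }
    }

    /// The abstract SQL command: callers cannot touch `text` or `params` directly.
    #[derive(Debug)]
    pub struct Query { text: String, params: Vec<String> }
    impl Query {
        pub fn select(table: &Ident, columns: &[Ident]) -> Query {
            let cols: Vec<&str> = columns.iter().map(|c| c.0.as_str()).collect();
            let list = if cols.is_empty() { "*".to_string() } else { cols.join(", ") };
            Query { text: format!("SELECT {} FROM {}", list, table.0), params: Vec::new() }
        }

        /// Untrusted data is bound as a parameter; it never becomes part of `text`.
        pub fn where_eq(mut self, column: &Ident, value: &str) -> Query {
            let kw = if self.params.is_empty() { "WHERE" } else { "AND" };
            self.params.push(value.to_string());
            self.text.push_str(&format!(" {} {} = ${}", kw, column.0, self.params.len()));
            self
        }

        pub fn text(&self) -> &str { &self.text }
        pub fn params(&self) -> &[String] { &self.params }
    }
}

fn main() {
    let users = sql::Ident::parse("users").expect("valid identifier");
    let name = sql::Ident::parse("name").expect("valid identifier");
    let form_value = "x' OR '1'='1"; // constructed sample of web-form input
    let q = sql::Query::select(&users, &[name.clone()]).where_eq(&name, form_value);
    println!("{} {:?}", q.text(), q.params());
    // `sql::Query { text: form_value.into(), params: vec![] }` is rejected by the
    // compiler here, because both fields are private to the `sql` module.
}
```

The type checker only guarantees that every `Query` was built through these operations; the guarantee is as good as `Ident::parse` and the parameter binding behind them.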