[plt-scheme] Why do folks implement statically typed languages?

From: Richard Cobbe (cobbe at ccs.neu.edu)
Date: Thu May 31 17:15:14 EDT 2007

On Thu, May 31, 2007 at 10:19:36PM +0200, Jens Axel Søgaard wrote:
>  Richard Cobbe skrev:
> > Are there static type systems that can protect against, e.g., SQL
> > injection?
>  I have always wondered why people aren't using Prepare more.
>  Is it too expensive? Or is the reason perhaps that people are
>  using languages without closures?
>  <http://planet.plt-scheme.org/package-source/jaymccarthy/sqlite.plt/3/1/doc.txt>
>  > (define s (prepare db (sql (SELECT (entry_id title url score)
>                                    FROM entries
>                                    ORDER-BY (score DESC)
>                                    LIMIT ,"?"))))

Looks great, and I'd love to know more about this.  Let's start with:

  - sqlite.plt defines prepare in terms of an FFI call to SQLite.  Is this
    feature available for other DBMSs (specifically Oracle)?  Or are
    Oracle's bind variables (SELECT x FROM y WHERE z = :1) the equivalent

  - I'm particularly interested in the sql form above, but it doesn't seem
    to be defined in sqlite.plt.  Where'd that come from?

I ask because I'm actually in the process of designing and implementing a
similar s-expr based query language at work, and I'd love to see how other
people did it, so I can avoid reinventing the wheel.  But we're already
committed to Oracle & SBCL, so simply using the code above clearly won't


Posted on the users mailing list.