[plt-scheme] Why do folks implement statically typed languages?

From: Jens Axel Søgaard (jensaxel at soegaard.net)
Date: Thu May 31 17:22:53 EDT 2007

Richard Cobbe skrev:
> On Thu, May 31, 2007 at 10:19:36PM +0200, Jens Axel Søgaard wrote:
>>  Richard Cobbe skrev:
>>> Are there static type systems that can protect against, e.g., SQL
>>> injection?
>>  I have always wondered why people aren't using Prepare more.
>>  Is it too expensive? Or is the reason perhaps that people are
>>  using languages without closures?
>>  <http://planet.plt-scheme.org/package-source/jaymccarthy/sqlite.plt/3/1/doc.txt>
>>  > (define s (prepare db (sql (SELECT (entry_id title url score)
>>                                    FROM entries
>>                                    ORDER-BY (score DESC)
>>                                    LIMIT ,"?"))))
> Looks great, and I'd love to know more about this.  Let's start with:
>   - sqlite.plt defines prepare in terms of an FFI call to SQLite.  Is this
>     feature available for other DBMSs (specifically Oracle)?  Or are
>     Oracle's bind variables (SELECT x FROM y WHERE z = :1) the equivalent
>     functionality?

I am no database expert, but I think Prepare is part of the SQL

>   - I'm particularly interested in the sql form above, but it doesn't seem
>     to be defined in sqlite.plt.  Where'd that come from?

See  "An Introduction to Web Development with PLT Scheme"  for an
elaborate explanation.


See the "grammar" in:


And the expression syntax in:


> I ask because I'm actually in the process of designing and implementing a
> similar s-expr based query language at work, and I'd love to see how other
> people did it, so I can avoid reinventing the wheel.  But we're already
> committed to Oracle & SBCL, so simply using the code above clearly won't
> fly.

Feel free to steal what you can use. It's all in sql-generate.scm.

Jens Axel Søgaard

Posted on the users mailing list.