[plt-scheme] Why do folks implement statically typed languages?
Richard Cobbe wrote:
> On Thu, May 31, 2007 at 10:19:36PM +0200, Jens Axel Søgaard wrote:
>> Richard Cobbe wrote:
>>
>>> Are there static type systems that can protect against, e.g., SQL
>>> injection?
>> I have always wondered why people aren't using Prepare more.
>> Is it too expensive? Or is the reason perhaps that people are
>> using languages without closures?
>> <http://planet.plt-scheme.org/package-source/jaymccarthy/sqlite.plt/3/1/doc.txt>
>>
>> > (define s (prepare db (sql (SELECT (entry_id title url score)
>>                                   FROM entries
>>                                   ORDER-BY (score DESC)
>>                                   LIMIT ,"?"))))
>
> Looks great, and I'd love to know more about this. Let's start with:
>
> - sqlite.plt defines prepare in terms of an FFI call to SQLite. Is this
> feature available for other DBMSs (specifically Oracle)? Or are
> Oracle's bind variables (SELECT x FROM y WHERE z = :1) the equivalent
> functionality?

I am no database expert, but I think Prepare is part of the SQL
standard.

> - I'm particularly interested in the sql form above, but it doesn't seem
> to be defined in sqlite.plt. Where'd that come from?

See "An Introduction to Web Development with PLT Scheme" for an
elaborate explanation.
<http://www.scheme.dk/blog/2007/01/introduction-to-web-development-with.html>

See the "grammar" in:
<http://planet.plt-scheme.org/package-source/soegaard/sqlite.plt/1/2/sql-generate.scm>

And the expression syntax in:
<http://planet.plt-scheme.org/package-source/soegaard/sqlite.plt/1/2/test-sql.scm>

> I ask because I'm actually in the process of designing and implementing a
> similar s-expr based query language at work, and I'd love to see how other
> people did it, so I can avoid reinventing the wheel. But we're already
> committed to Oracle & SBCL, so simply using the code above clearly won't
> fly.

Feel free to steal what you can use. It's all in sql-generate.scm.

--
Jens Axel Søgaard
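
The approach discussed in this message, generating SQL from a structured query and handing values to Prepare-style placeholders, as an added example that is not part of the original email or of sqlite.plt. It uses Python's sqlite3 module, a nested dict stands in for the s-expression, and `ident`, `compile_select`, `run_query` and the sample rows are constructed for illustration.

```python
import re
import sqlite3

IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*\Z")
OPS = {"=", "<", ">", "<=", ">=", "LIKE"}

def ident(name):
    # Identifiers cannot be bound as parameters, so accept plain names only.
    if not IDENT.match(name):
        raise ValueError(f"bad identifier: {name!r}")
    return name

def compile_select(q):
    """Compile a structured query into (sql_text, params).

    Every value becomes a '?' placeholder; none is spliced into the text."""
    params = []
    sql = "SELECT " + ", ".join(ident(c) for c in q["select"])
    sql += " FROM " + ident(q["from"])
    if "where" in q:
        col, op, value = q["where"]
        if op not in OPS:
            raise ValueError(f"bad operator: {op!r}")
        sql += f" WHERE {ident(col)} {op} ?"
        params.append(value)
    if "order_by" in q:
        col, direction = q["order_by"]
        if direction not in ("ASC", "DESC"):
            raise ValueError(f"bad direction: {direction!r}")
        sql += f" ORDER BY {ident(col)} {direction}"
    if "limit" in q:
        sql += " LIMIT ?"
        params.append(q["limit"])
    return sql, params

def run_query(title, limit=10):
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE entries (entry_id INTEGER, title TEXT, url TEXT, score INTEGER)")
    db.executemany("INSERT INTO entries VALUES (?, ?, ?, ?)",
                   [(1, "a", "http://example.invalid/a", 5),
                    (2, "b", "http://example.invalid/b", 9)])
    sql, params = compile_select({
        "select": ["entry_id", "title", "url", "score"],
        "from": "entries",
        "where": ("title", "=", title),
        "order_by": ("score", "DESC"),
        "limit": limit,
    })
    return sql, db.execute(sql, params).fetchall()
```

The SQL text is the same for every call; a title containing quote characters is compared as a plain string and matches no row.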