Sujet : Re: The joy of FORTRAN
De : tnp (at) *nospam* invalid.invalid (The Natural Philosopher)
Groupes : alt.folklore.computers comp.os.linux.miscDate : 05. Mar 2025, 02:26:08
Autres entêtes
Organisation : A little, after lunch
Message-ID : <vq897h$241b2$10@dont-email.me>
References : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19
User-Agent : Mozilla Thunderbird
On 04/03/2025 14:53, Niklas Karlsson wrote:
On 2025-03-04, The Natural Philosopher <tnp@invalid.invalid> wrote:
On 04/03/2025 12:25, Niklas Karlsson wrote:
On 2025-03-04, The Natural Philosopher <tnp@invalid.invalid> wrote:
On 04/03/2025 06:25, rbowman wrote:
On Mon, 3 Mar 2025 23:02:44 -0500, c186282 wrote:
>
It's easy to kinda drift into that during development, you always
think of ONE more thing you need to pass. However stage two, you put
all that crap in a struct and pass one pointer. Each function can
extract what it needs from that struct and ignore the rest.
>
I never made it to anywhere close to 60 parameters. We did have one
utility that took 22 command line parameters but it was never meant to be
invoked manually and came with a csh. Even then they all were stuffed into
a struct before the real function was called.
>
Even worse, the parameters were field widths in a positional record. I
truly hate positional records but the damn things live on.
len=sprintf(query,"insert into day set
timestamp='%s',demand='%f',frequency='%f',coal='%f',nuclear='%f',ccgt='%f',ocgt='%f',french_ict='%f',
irish_ict='%f', dutch_ict='%f', ew_ict= '%f',
pumped='%f',hydro='%f',wind='%f',oil='%f',other='%f', north_south='%f',
scotland_england='%f', solar='%f', biomass='%f', nemo='%f',ifa2='%f',
nsl='%f', intelec_ict='%f',vkl_ict=%f",
timestr,total,frequency,coal,
nuclear,ccgt,ocgt,france,ireland,holland,ew,pumped,hydro,wind,oil,other,north_south,scotland_england,
solar, biomass,nemo,ifa2,nsl,intelec,vkl );
>
Not a terribly safe way to build a query. Any database API worth its
salt should have a way to build one with placeholders instead, so the
parameters automatically get special characters escaped and are
generally safer from malicious data.
>
Silly boy. The data is precisely known, and it is all floating point
numbers.
I see a %s in there, and you are far too trusting. It's not like making
a placeholder call is any more difficult anyhow.
The %s is a time string., Utterly predictable in format and not accessible publicly.
time_t t1;
char timestr[256];
int len;
t1=time(NULL); // get current time.
strftime(timestr,254,"%Y-%m-%d %H:%M:%S",gmtime(&t1)); // into SQL format..
Have you ever dine any real life coding, or are you just a computer scientist?
Niklas
-- The lifetime of any political organisation is about three years before its been subverted by the people it tried to warn you about.Anon.
Re: The joy of FORTRAN
Re: The joy of FORTRAN