Slashdot Mirror


User: davidbrit2

davidbrit2's activity in the archive.

Stories
0
Comments
574

Comments · 574

  1. Re:Why validate when you can sanitize? on New Attack Exploits "Safe" Oracle Inputs · Score: 1

    I agree, but there are some situations where you simply can't. Take for instance dynamically specifying the database to use in an SQL Server query. You get various syntax errors if you try to do "SELECT * FROM @database.dbo.MyTable", so you have to concatenate. For all other situations, stick to stored procedure parameters.

  2. Why validate when you can sanitize? on New Attack Exploits "Safe" Oracle Inputs · Score: 1

    Honestly, I never understand the people that constantly trumpet "Validate! Validate! Validate!" whenever they're dealing with a web/database app. If you're escaping/sanitizing your inputs properly, then you don't need to chase your tail making sure your users haven't entered something "evil".

    The specifics vary by platform, but if you're building a dynamic SQL statement in SQL Server, for instance, you'd use the Replace function on the concatenated values to change any occurrence of ' to ''. For MySQL, change ' to \'.

    It's very simple, very consistent, and very safe. This is what any decent parameterized query API will do behind the scenes. It's like the old anecdote: you can either spend a lot of time building an exhaustive filter list of offensive words that you don't want showing up in your tracking/order/confirmation codes, or you can just not use any vowels and be done with it.
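The two comments above contrast quote-escaping of concatenated values with driver-level parameterization, and comment 1 raises the one case parameters cannot cover (a dynamically chosen database or table name). The following is an added example, not code from the commenter; it uses Python's built-in sqlite3 module in place of SQL Server or MySQL, a constructed in-memory schema, and an assumed identifier allowlist (ALLOWED_TABLES). It shows quote-doubling working inside a string literal, the same escaping doing nothing in an unquoted numeric context, bound parameters plus a type check covering both, and an allowlist for the identifier case where binding is not available.

```python
import sqlite3

# Constructed in-memory schema and rows; not data from the page.
ALLOWED_TABLES = {"customers", "orders"}   # identifier allowlist (assumption)


def make_db():
    """Build a throwaway database with a name containing a single quote."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER);
        INSERT INTO customers (name) VALUES ('O''Brien'), ('alice'), ('bob');
        INSERT INTO orders (customer_id) VALUES (1), (1);
    """)
    return conn


def names_by_name_escaped(conn, name):
    """Quote-doubling as comment 2 describes: ' -> '' inside a string literal."""
    escaped = name.replace("'", "''")
    sql = f"SELECT name FROM customers WHERE name = '{escaped}'"
    return [row[0] for row in conn.execute(sql)]


def names_by_name_param(conn, name):
    """Bound parameter: the value is sent separately and never becomes SQL text."""
    sql = "SELECT name FROM customers WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]


def names_by_id_escaped(conn, id_text):
    """Same escaping, but in an unquoted numeric context there is no quote
    to double, so the input is spliced into the statement unchanged."""
    escaped = id_text.replace("'", "''")
    sql = f"SELECT name FROM customers WHERE id = {escaped}"
    return [row[0] for row in conn.execute(sql)]


def names_by_id_param(conn, id_text):
    """Type-check first, then bind: a non-integer is rejected, not executed."""
    customer_id = int(id_text)          # ValueError for anything but digits
    sql = "SELECT name FROM customers WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (customer_id,))]


def count_rows(conn, table):
    """Identifiers (table or database names) cannot be bound, which is the
    situation comment 1 describes; check the name against an allowlist,
    then quote it as an identifier."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not allowed: {table!r}")
    return conn.execute(f'SELECT COUNT(*) FROM "{table}"').fetchone()[0]


def rejects(fn, *args):
    """True if fn raises ValueError for these arguments (used by the checks)."""
    try:
        fn(*args)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(names_by_name_escaped(db, "O'Brien"))     # ["O'Brien"]
    print(names_by_id_escaped(db, "2 OR 1=1"))     # constructed input: all rows
    print(rejects(names_by_id_param, db, "2 OR 1=1"))   # True
    print(count_rows(db, "orders"))                # 2
```

The point the numeric case makes is that quote-doubling is only a correct encoding for one context, the inside of a single-quoted string literal; a bound parameter is correct in every value context because the database never parses it as SQL, and the identifier case is handled by restricting the name to a known set rather than by escaping.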

  3. Punch "gmail xss" into your search bar... on Google Shares Its Security Secrets · Score: 2, Interesting

    I get 1.6 million hits from Google themselves. They may be overestimating their security practices just a wee bit.

  4. So basically... on Alternate Baseball Universes · Score: 2, Insightful

    They took a bunch of measured statistics, ran a simulation with outcomes biased using said statistics, and then acted surprised when the simulation results ended up pretty close to what actually happened?

  5. I prefer the traditional phrasing on Red Hat to Coax Code Contributions From Companies · Score: 1

    "Can't rape the willing!"

  6. What's that old saying? on US To Shoot Down Dying Satellite · Score: 1

    Life imitates art? Or I guess in this case, Ace Combat 5.

  7. Code excerpt for the curious... on OpenBSD Will Not Fix PRNG Weakness · Score: 5, Funny

    http://xkcd.com/221/ Oh hush, you knew somebody would post it.

  8. Re:Yes on Trend Micro Sues Barracuda Over Open Source Anti-Virus · Score: 1

    Some guy named Mario left a message for you at the front desk. He mentioned something about a license.

  9. I don't know what kind of flies they have in NY... on Robotic Fly to Descend on New York · Score: 2, Insightful

    ...But a fly with a 1.2 inch wingspan would be pretty damn conspicuous where I come from.

  10. Not terribly surprising, given the track record on Long Term Effects of Gizmodo CES Prank · Score: 1

    An editor from Gizmodo also posted Tubgirl prominently on the main page of Kotaku. (No, that's not a link to the tubgirl posting, obviously - it was deleted quickly afterward anyway.)

    Let's just say I don't read Gizmodo anymore.

  11. Re:You ever have that dream... on Dreams Actually Virtual Reality Threat Simulation? · Score: 3, Funny

    Full-contact theological debate, evidently.

  12. Re:An analogy on Hands-On With The Kindle · Score: 2, Funny

    So in other words, totally superfluous, and largely the laughing stock of its domain?

  13. Oh thank god on NPD Reverses Console Numbers Decision · Score: 5, Funny

    For a minute there, I was afraid the console flame wars would have to rely on blind speculation.

  14. In future news... on Adobe Intends To Move All of Its Applications Online · Score: 1

    "Adobe today filed for Chapter 11 bankruptcy after a shocking decline in sales following adoption of a web-based business model..."

  15. Re:Correction: on What if Google Had to Design For Google? · Score: 1

  16. Ignoring a redundant "service" != stealing on Sony BMG Says Ripping CDs is Stealing · Score: 1

    "I sell bottled water, so if you take water from a natural resource and use it, then I guess we could say you are stealing."

    Please. Just because someone's business model revolves around offering something completely redundant, it doesn't mean you're stealing if you tell them to piss off.

  17. My first eBay purchase on Know How To Use a Slide Rule? · Score: 1

    Funny enough, the first thing I bought via eBay was a nice Pickett slide rule, around my senior year in high school. It was a pretty good find - it had the original slide case, and even the manual. I didn't use it for actual work, though I did fiddle with it enough to figure out the basic operations. I recall I even managed to approximate pi to a couple decimal places with it.

    Needless to say, I didn't go on many dates in high school. :P

  18. I know exactly what to do on Meteorite Causes Illness in Peru · Score: 1

  19. Re:I think I'd prefer analog on Are You Being Cheated by Digital Cable? · Score: 1

    I'm with you on this one. The compression is so bad around these parts, that the image quality of certain stations picked up with my set of rabbit ear antennas is noticeably better than that of the washed out block-fest seen on the MPEG-heavy digital channels.

  20. Congratulations! on Fox News' FTP Password Anyone? · Score: 1

    You've won an all-expenses-paid trip to a federal PMITA prison! You'll be enjoying a 1,825 night stay at an all-inclusive resort featuring a mattress, a metal toilet with a sink in it, and evening turn-down service provided by your own personal bellhop named Scar. Travel and accommodations courtesy of the US Federal Bureau of Prisons.

  21. Watch out for... on Rewritable Song Lyrics · Score: 1

    ...my next hit single, "I Just Want To [verb] You [adverb]".

  22. I've got one for you... on There Are No Games So Bad They're Funny · Score: 1

    Hakai Oh: King of Crusher.

    It's an obscure Japan-only PS1 release. It is also HILARIOUSLY bad. From what I can tell, the story line revolves around your John Q Public character being bitten by some alien fly as a child. Then later in life, the fly returns. Said character then relapses, goes into a rage, and starts breaking everything, while his wife and child flee the house. And then, you break stuff. Seriously, that's it. But it gets worse (or better, depending on your point of view). Your character corners about as well as a city bus, desks and furniture explode into flat polygons as you "attack" them, trees tip over like cardboard stand-ups, and the "growl" that your character emits upon completing a stage is the icing on the cake.

    Seriously, if you have the means to obtain and play Japanese PS1 games, you need to try this one to marvel at its awfulness.

  23. Re:what am I missing? 850Mhz = slow? on IBM's Blue Gene Runs Continuously At 1 Petaflop · Score: 5, Funny

    What am I missing?
    The other 4,095 of them.

  24. Re:Huh? on Games They'd Like Us To Forget · Score: 1

    Yeah, for real. That game was completely awesome, and I spent many hours with it in my youth.

  25. Re:Small Red Button on Big Red Button Disasters? · Score: 1

    The keyboard included with my (cheap) Compaq had a sleep button located not half an inch behind the Esc key. And we all know how daintily and precisely the average computer user reaches for the Esc key.

    I'm no longer using that keyboard.