From: arne@vajhoej.dk   
      
   On 7/10/2025 1:48 AM, Lawrence D'Oliveiro wrote:   
   > On Wed, 9 Jul 2025 22:26:19 -0400, Arne Vajhøj wrote:   
   >> On 7/9/2025 9:35 PM, Lawrence D'Oliveiro wrote:   
   >>> On Wed, 9 Jul 2025 20:25:06 -0400, Arne Vajhøj wrote:   
   >>>> zxJDBC.Error: Literals of this kind are not allowed; SQL statement:   
   >>>> SELECT f1,f2 FROM t1 WHERE f2 IN ('A','CCC','EEEEE') [90116-220]   
   >>>> [SQLCode: 90116], [SQLState: 90116]   
   >>>   
   >>> What happens if you really want literals in your SQL code?   
   >>   
   >> You don't.   
   >   
   > Seems like somebody is really, really scared of the possibilities offered   
   > by being able to embed one language inside another.   
      
   Embedded SQL, call API with static SQL, call API with dynamic SQL only   
   dynamic non-data and call API with dynamic SQL and dynamic data all   
   embed SQL in Cobol/C/Java/PHP/Python/whatever.   
      
   Even ORM's tend to embed a language. Either SQL or something ORM   
   specific: EJBQL, HQL, JPQL, JDOQL, JDQL, DQL etc..   
      
   So nobody seems afraid of embedding SQL.   
      
   It is just that some want to embed SQL in a safe way - a guaranteed   
   safe way.   
      
   >                                                     Just because PHP   
   > programmers can’t get their heads around it, doesn’t mean the rest of us   
   > have to be tied down to the same mental level.   
      
   The style you propose match pretty well how PHP developers did things   
   back in the 00's. They learned that it was not good. Learned the hard   
   way. SQL injection had a very prominent place on OWASP top 10   
   for many years.   
      
   Arne   
      
   --- SoupGate-Win32 v1.05   
    * Origin: you cannot sedate... all the things you hate (1:229/2)