From: antispam@fricas.org   
      
   Lawrence D’Oliveiro wrote:   
   > On Wed, 12 Nov 2025 16:06:56 -0500, Arne Vajhøj wrote:   
   >   
   >> On 11/12/2025 4:01 PM, Lawrence D’Oliveiro wrote:   
   >>>   
   >>> On Wed, 12 Nov 2025 15:12:40 -0500, Arne Vajhøj wrote:   
   >>>>   
   >>>> To build dynamic SQL strings you need support for a few basic   
   >>>> features:   
   >>>> * loops   
   >>>> * conditional blocks   
   >>>> * string concatenation   
   >>>>   
   >>>> Cobol does support that.   
   >>>   
   >>> But not arbitrary-length dynamic strings.   
   >>>   
   >>> And not functional constructs that let you put the loops and   
   >>> conditionals inside the string-construction expression.   
   >>   
   >> True.   
   >>   
   >> But that does not impact whether you can do it in Cobol.   
   >>   
   >> It just impacts how many lines of code you need to do it.   
   >   
   > More code means more work to write and maintain, and more chance for bugs   
   > to get in.   
   >   
   > Remember, this stuff is already a well-known source of security   
   > vulnerabilities. The last thing you need is more maintenance headaches.   
      
   Well, Cobol is not good essentially for any code. But for routine   
   database queries I want fixed query structure with data filling   
   slots. Which is provided by embedded SQL and several alternatives.   
   I do not want arbitrary strings as queries: with fixed query   
   structure correctness is not hard, with dynamic strings one   
   needs to consider a lot of weird corner cases.   
      
   Of course, for ad hoc queries you need dynamic query structure,   
   but ability to specify query structure should be limited to trusted   
   users.   
      
   --   
    Waldek Hebisch   
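
An added example, not part of the original post, showing a fixed query structure with a data slot beside a string-built query, and an allow-list that limits who may choose query structure. It uses Python's `sqlite3`; the table, sample rows, function names and the `trusted` flag are assumptions made for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data for this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT, city TEXT)")
    db.executemany(
        "INSERT INTO customer (name, city) VALUES (?, ?)",
        [("O'Brien", "Cork"), ("Smith", "Leeds"), ("Jones", "Leeds")],
    )
    return db

def find_fixed(db, name):
    # Fixed structure: the statement text never changes; the value fills a slot.
    sql = "SELECT name FROM customer WHERE name = ? ORDER BY id"
    return db.execute(sql, (name,)).fetchall()

def find_concat(db, name):
    # String-built query: the value becomes part of the statement text, so a
    # quote in the data is a syntax error or a change of query structure.
    sql = "SELECT name FROM customer WHERE name = '" + name + "' ORDER BY id"
    return db.execute(sql).fetchall()

SORTABLE = {"name", "city"}  # structure choices open to any caller (assumed policy)

def list_sorted(db, order_by, trusted=False):
    # An ORDER BY term cannot be a bound parameter, so it is query structure.
    # Untrusted callers pick from the allow-list; only trusted callers may
    # supply an arbitrary term.
    if not trusted and order_by not in SORTABLE:
        raise PermissionError("query structure not permitted: %r" % (order_by,))
    return db.execute("SELECT name FROM customer ORDER BY " + order_by).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(find_fixed(db, "O'Brien"))        # quote handled as data
    print(find_fixed(db, "x' OR '1'='1"))   # still just a name that matches nothing
    print(find_concat(db, "x' OR '1'='1"))  # WHERE clause rewritten by the data
    print(list_sorted(db, "name"))
```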
      