|    comp.os.vms    |    DEC's VAX* line of computers & VMS.    |    264,096 messages    |
|    Message 263,762 of 264,096    |
|    Arne Vajhøj to All    |
|    Re: And so? (VMS/XDE)    |
|    14 Nov 25 22:18:22    |
From: arne@vajhoej.dk

On 11/14/2025 9:41 PM, Lawrence D’Oliveiro wrote:
> On Sat, 15 Nov 2025 00:24:04 -0000 (UTC), Waldek Hebisch wrote:
>> But for routine database queries I want fixed query structure with
>> data filling slots. Which is provided by embedded SQL and several
>> alternatives. I do not want arbitrary strings as queries: with fixed
>> query structure correctness is not hard, with dynamic strings one
>> needs to consider a lot of weird corner cases.
>
> True enough. Fine for canned reports, standard batch processing runs
> etc. Except COBOL never had any official standard, did it, for these
> “EXEC SQL” templates.

ISO 9075 part 2

>> Of course, for ad hoc queries you need dynamic query structure,
>> but ability to specify query structure should be limited to trusted
>> users.
>
> Not if the query is written correctly, which is not hard to do.

C programs do not have memory leaks or out of bounds array access
if written correctly.

But developers occasionally make mistakes.

Injection is still in top 5 on OWASP top 10.

Arne

--- SoupGate-Win32 v1.05
 * Origin: you cannot sedate... all the things you hate (1:229/2)
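
The contrast discussed in the message above, as an added example that is not part of the original post: a query built as a dynamic string next to one with fixed structure and a bound data slot. It goes one step further than the thread by also allowing a single structural choice (the sort column) through an allowlist. The `staff` table, its rows and all function names are constructed for illustration, and SQLite stands in for whatever database is in use.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions.
ROWS = [
    (1, "alice", "ops"),
    (2, "bob", "dev"),
    (3, "carol", "dev"),
    (4, "dan", "dean's office"),   # legitimate value containing a quote
]
SORTABLE = {"id", "name", "dept"}  # the only structural choices a caller gets


def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE staff (id INTEGER, name TEXT, dept TEXT)")
    db.executemany("INSERT INTO staff VALUES (?, ?, ?)", ROWS)
    return db


def by_dept_dynamic(db, dept):
    # Dynamic string: the caller's text is parsed as part of the statement,
    # so its quoting decides what the query means.
    sql = f"SELECT name FROM staff WHERE dept = '{dept}' ORDER BY id"
    return db.execute(sql).fetchall()


def by_dept_fixed(db, dept, order_by="id"):
    # Fixed structure: the value fills a bound slot and is never parsed as SQL.
    # The sort column is structure, so it is checked against an allowlist
    # rather than copied from input.
    if order_by not in SORTABLE:
        raise ValueError(f"unsupported sort column: {order_by!r}")
    sql = f"SELECT name FROM staff WHERE dept = ? ORDER BY {order_by}"
    return db.execute(sql, (dept,)).fetchall()


if __name__ == "__main__":
    db = open_db()
    crafted = "x' OR '1'='1"       # constructed input, not from the thread
    print("dynamic:", by_dept_dynamic(db, crafted))   # every row comes back
    print("fixed:  ", by_dept_fixed(db, crafted))     # no department matches
    print("fixed:  ", by_dept_fixed(db, "dean's office"))
    try:
        by_dept_dynamic(db, "dean's office")
    except sqlite3.OperationalError as exc:
        print("dynamic fails on a benign value:", exc)
```

The benign `dean's office` value is the kind of corner case the quoted text refers to: the dynamic version fails on it with a syntax error, while the bound-parameter version returns the matching row.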