by chriswarbo
4688 days ago
How about we stop calling everything "strings" (and "ints" too, while we're at it)?

    UserInput readFromPost(HttpParam param) {
        // Read param from POST here
    }
    Collection<SqlRow> query(SqlQuery q) {
        // Send query to DB here
    }

    UserInput name = readFromPost('name');
    Collection<SqlRow> result = query(
        sqlConcat('INSERT INTO users (name) VALUES (',
                  stringToSql(userInputToString(name)),
                  ')'));
    SqlInt<10> userId = sqlRowLookup(result, 'id');
    sendToBrowser(htmlConcat('You are user number ',
                             sqlIntToString(userId)));

Clearly we can get better APIs than this, but it's not as difficult as you make out to program in a safe and sane way.
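An added example (not part of chriswarbo's comment) of the same typed-wrapper idea in Python, run against an in-memory SQLite database: the comment's escaping step is swapped for parameter binding, so a UserInput can only enter a SqlQuery as a bound `?` value, and sql_concat refuses anything that is not already a SqlQuery. The type and function names (UserInput, SqlQuery, sql_literal, string_to_sql, sql_concat, query, demo) are assumptions, not an existing library.

```python
import sqlite3
from dataclasses import dataclass


@dataclass(frozen=True)
class UserInput:
    """Raw text from the request; it carries no SQL meaning of its own."""
    text: str


@dataclass(frozen=True)
class SqlQuery:
    """SQL text containing '?' placeholders plus the bound values, in order."""
    sql: str
    params: tuple = ()


def sql_literal(fragment: str) -> SqlQuery:
    """Trusted SQL the programmer wrote as a literal in the source."""
    return SqlQuery(fragment)


def string_to_sql(value: UserInput) -> SqlQuery:
    """The only route for a UserInput into a query: as a bound parameter."""
    return SqlQuery("?", (value.text,))


def sql_concat(*parts: SqlQuery) -> SqlQuery:
    """Join query fragments; a plain str or UserInput is rejected here."""
    for part in parts:
        if not isinstance(part, SqlQuery):
            raise TypeError(f"sql_concat needs SqlQuery, got {type(part).__name__}")
    sql = "".join(p.sql for p in parts)
    params = tuple(v for p in parts for v in p.params)
    return SqlQuery(sql, params)


def query(conn: sqlite3.Connection, q: SqlQuery) -> list:
    """Send the query to the database; the driver binds the parameters."""
    return conn.execute(q.sql, q.params).fetchall()


def demo(name_from_post: str) -> list:
    """Insert one user name taken from a (constructed) POST value, then read it back."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    name = UserInput(name_from_post)
    query(conn, sql_concat(sql_literal("INSERT INTO users (name) VALUES ("),
                           string_to_sql(name),
                           sql_literal(")")))
    return [row[0] for row in query(conn, sql_literal("SELECT name FROM users"))]
```

Whatever the request contains is stored verbatim as data, because it never becomes part of the SQL text.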