On Thu, Sep 19, 2019 at 05:07:34PM +0300, Lassi Kortela wrote:
> > If named parameters were
> > pervasive, I'd say "use them", but we know they aren't.  "?" isn't actually
> > part of SQL AFAICT, and there are probably databases that don't support
> > even that.
>
> Unfortunately also true. However, is there a problem if we have a DSL that
> puts in the question marks or equivalent? I haven't thought about this in
> detail, but it's hard to see how a DSL inserting DB-specific placeholders is
> worse than a DSL implementing the entire SQL string escaping syntax
> (assuming the escaping is consistent across databases, which is already
> assuming a lot).

A DSL cannot do that in general.  You need the connection object to be
able to get escaping right; it's dependent on database settings,
especially to the character encoding.

> As a separate question, how do you send blobs without parameters?

By using a database-specific escape syntax.  In Postgres you can use
C-like backslash escaping of non-ASCII characters like \012, or fully
hex encoded strings starting with \x like '\xf0012345'.

> > that dumb programmers don't generally wind up using Scheme.  We hope.
>
> By dumb I assume you mean sloppy and careless. It'd be interesting to know
> to what extent that attitude is temperamental and to what extent people can
> learn to be more diligent if they see inspiring examples of good software
> made with attention to detail. Sloppiness is certainly pervasive in
> programming; it'd be inspiring to see some evidence that there is hope :)

I'm also a massive believer in better tools.  Even great programmers have
momentary lapses in clarity of thinking.

Cheers,
Peter