
I have rarely needed to escape a SQL string since the days of PHP4. Nowadays it is standard to use parameter binding such as "SELECT * FROM table WHERE row = ?". It's also faster since the query doesn't need to be recompiled every time. But if you really have a desire to escape SQL, then you can write a string interpolation function that does it automatically, e.g. sql_format("SELECT * FROM table WHERE foo = %s", s). Indeed, JavaScript supports this via custom templated string literals.

As for closing resources, you can use a pattern such as using(open("file.txt"), (f) => { ... }) if your language doesn't already support such a construct.
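
The tagged-template idea from the comment above, as an added example that is not part of the original thread: the tag turns every interpolated value into a bound `?` parameter instead of escaping it into the SQL text. `sql`, `SqlQuery` and `toDriverArgs` are hypothetical names, not a real library's API, and the input string is constructed.

```javascript
// A query is a distinct type: SQL text with ? placeholders plus the values
// to bind. Plain strings are never accepted as SQL.
class SqlQuery {
  constructor(text, values) {
    this.text = text;
    this.values = Object.freeze([...values]);
    Object.freeze(this);
  }
}

// Template tag: literal parts of the template become SQL text, every
// interpolated value becomes a bound parameter.
function sql(strings, ...args) {
  let text = strings[0];
  const values = [];
  args.forEach((arg, i) => {
    if (arg instanceof SqlQuery) {
      // Nested fragment built by the same tag: splice its text and carry
      // its parameters along, so nothing is processed twice.
      text += arg.text;
      values.push(...arg.values);
    } else {
      text += "?";
      values.push(arg);
    }
    text += strings[i + 1];
  });
  return new SqlQuery(text, values);
}

// Boundary check before handing a query to a database driver: a string
// assembled by concatenation is rejected because it is not a SqlQuery.
function toDriverArgs(q) {
  if (!(q instanceof SqlQuery)) {
    throw new TypeError("expected a query built with the sql tag");
  }
  return [q.text, q.values];
}

// Constructed input containing quote characters.
const s = "x' OR '1'='1";
const where = sql`foo = ${s}`;
const query = sql`SELECT * FROM table WHERE ${where} AND id = ${42}`;
console.log(toDriverArgs(query));
```
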



Escaping multiple times would be unnecessary with a type based system, by definition.

Sure, no one should need to do that anymore, it's just an example. There are many other cases that are similar, however.

`using` is a language construct, not something that is part of an interface. It also does not prevent close from being called twice.



