--- a/relpipe-data/examples-guile-parametrized-queries.xml Sat Sep 12 13:20:21 2020 +0200
+++ b/relpipe-data/examples-guile-parametrized-queries.xml Fri Sep 25 14:38:24 2020 +0200
@@ -2,7 +2,7 @@
xmlns="https://trac.frantovo.cz/xml-web-generator/wiki/xmlns/strana"
xmlns:m="https://trac.frantovo.cz/xml-web-generator/wiki/xmlns/makro">
- <nadpis>Parametrized queries with Guile</nadpis>
+ <nadpis>Parametrized queries with Scheme</nadpis>
<perex>passing input parameters and avoiding code-injections</perex>
<m:pořadí-příkladu>01600</m:pořadí-příkladu>
@@ -20,7 +20,7 @@
<m:pre jazyk="bash"><![CDATA[fstab-where-type() {
relpipe-in-fstab \
- | relpipe-tr-guile \
+ | relpipe-tr-scheme \
--relation fstab \
--where '(string= $type "'$1'")' \
| relpipe-out-tabular;
@@ -37,20 +37,20 @@
Record count: 1]]></m:pre>
<p>
- But it is fundamentally wrong. The input parameter is blindly pasted in middle of the Guile code.
+ But it is fundamentally wrong. The input parameter is blindly pasted in middle of the Scheme code.
So if we call e.g. <code>fstab-where-type 'ext4"'</code>, it crashes terribly.
Do you remember SQL injections in your first PHP scripts when you were 14?
Do not do it again!
</p>
<p>
- The <code>relpipe-tr-guile</code> tool has a safe way for passing parameters from the outside. And such parameters are even strongly typed.
+ The <code>relpipe-tr-scheme</code> tool has a safe way for passing parameters from the outside. And such parameters are even strongly typed.
So this is, how our program should be written:
</p>
<m:pre jazyk="bash"><![CDATA[fstab-where-type() {
relpipe-in-fstab \
- | relpipe-tr-guile \
+ | relpipe-tr-scheme \
--relation fstab \
--define 'myRequestedType' string "$1" \
--where '(string= $type myRequestedType)' \