
Re: Getting started with Postgres or MySQL



On Fri, Feb 02, 2007 at 12:15:31PM +0100, Danesh Daroui wrote:
> 
> 1. The one who should learn something is you, and not me. So, I would 
> suggest you to learn something basic about database concepts and I don't 
> care if you ever come back or not!

Really?  What should I learn?  I've given specific things where your
knowledge of/experience with databases is clearly deficient.  Care to
be specific and refrain from making sweeping statements with no
support?

> 2. You do not have to involve yourself in any single topic you see in 
> the forum, specially if you are not asked to do so!

Really?  Where is your invitation to participate in this thread?  The
original post that started this thread was a request for help getting
started with MySQL or PostgreSQL.  I am subscribed to the list and
received the message.  That's all the invitation I needed.

> 3. If you have used credit card in stone ages (the days that it was 
> verified by just writing down on papers) it is not my fault! According 
> to the example you said, if you are dealing with a bank or PayPal, there 
> is only one center (or web site) that inserts data into database not 
> anyone from anywhere! There are something called "users" and 
> "privileges". Search on google to find out more about them.

Wow.  You really don't understand.  Anyone can *attempt* to "insert"
data into paypal's database.  Yes they have users.  Yes they have access
controls.  But paypal still takes responsibility for *validating* the
data.  Want to take a wild guess at how they do this?  Hint: it is in
the database.  That is what it is there for.

Since you don't get it, I'll repeat myself.  If companies like paypal
(or any company that relies on their data actually being *valid*) make it
the responsibility of the developers to validate data (with no further
checks at the DB), that is equivalent to a civil engineer designing a
bridge and not bothering to compute the loads and stresses on the
materials, since the construction workers will make sure it stays up
anyways.  In other fields of engineering, that sort of behavior carries
along with it terms like "professional negligence" and "malpractice."
In those other engineering fields, people who do that sort of thing lose
their licenses and are barred from practicing as engineers again.

> 4. Yes, the code which interacts with database is responsible to be sure 
> that the data which is going to be inserted to the database is valid. 
> The database's job to check if the data is "logically" valid. For 
> example not to allow a character to be written in an integer field. 

Umm, you are contradicting yourself.  Is this the developer's job or the
DB's?  Besides, what the heck is logically valid?  To me, February 31
is not "logically" valid as part of a date.  Yet MySQL happily accepts
it.  By your own definition, MySQL doesn't even accomplish that minimal
part of the job.

> There are libraries in each programming language to do so. As I said, 
> MySQL also supports such things and have its own library of functions 
> which are very powerful, but it is optional and up to the user to use 
> them. Without it, it would be just overhead to database.

Yes.  Because it is always better to implement the same duplicate
functionality in 15 random different libraries of varying (and often
dubious) levels of quality and probably little or no optimization
(except for the one or two most popular libraries).  Do you have any
training or education in software engineering?  I really mean
engineering, not CompSci, or a certificate from DeVry or ITT in Visual
Basic.  I mean, do you possess an earned engineering degree?  I would
guess not, but I just want to be sure.

> 5. Again back to your example, yes, the PayPal web site offers you to 
> choose the data by using a combo box and not inserting it manually. So 
> the date which is sent to the database is definitely correct before 

I'm sorry, but this is so off base it is not even funny.  Ever hear
about SQL injection?  That one single thing is more than ample reason to
make sure that the database properly validates all data.  Now, I
understand that SQL injection can also cause other problems which the DB
cannot identify or prevent.  But still.

> inserting. Many banks and economic organizations use MySQL as their 
> database. I think they do care about the date of their transactions too, 
> don't ya?

OK.  Name one bank or economic organization that uses MySQL for mission
critical financial data.  Just one.  I'll wait.

Regards,

-Roberto
-- 
Roberto C. Sanchez
http://people.connexer.com/~roberto
http://www.connexer.com
