[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Getting started with Postgres or MySQL

On Fri, Feb 02, 2007 at 12:15:31PM +0100, Danesh Daroui wrote:
> 1. The one who should learn something is you, and not me. So, I would 
> suggest you to learn something basic about database concepts and I don't 
> care if you ever come back or not!

Really?  What should I learn?  I've given specific things where your
knowledge of/experience with databases is clearly deficient.  Care to
be specific and refrain from making sweeping statements with not

> 2. You do not have to involve yourself in any single topic you see in 
> the forum, specially if you are not asked to do so!

Really?  Where is your invitation to participate in this thread?  The
original post that started this thread was a request for help getting
started with MySQL or PostgreSQL.  I am subscribed to the list and
received the message.  That's all the invitiation I needed.

> 3. If you have used credit card in stone ages (the days that it was 
> verified by just writing down on papers) it is not my fault! According 
> to the example you said, if you are dealing with a bank or PayPal, there 
> is only one center (or web site) that inserts data into database not 
> anyone from anywhere! There are something called "users" and 
> "privileges". Search on google to find out more about them.

Wow.  You really don't understand.  Anyone can *attempt* to "insert"
data into paypal's database.  Yes they have user.  Yes they have access
controls.  But paypal still takes responsbility for *validating* the
data.  Want to take a wild guess at how they do this?  Hint: it is in
the database.  That is what it is there for.

Since you don't get it, I'll repeat myself.  If companies like paypal
(or any company that relies their data actually being *valid*) makes it
the responsibility of the developers to validate data (with no further
checks at the DB), that is equivalent to a civil engineer designing a
bridge and not bothering to compute the loads and stresses on the
materials, since the construction workers will make sure it stays up
anyways.  In other fields of engineering, that sort of behavior carries
along with it terms like "professional negligence" and "malpractice."
In those other engineering fields, people who do that sort of thing lose
their licenses and barred from practicing as engineers again.

> 4. Yes, the code which interacts with database is responsible to be sure 
> that the data which is going to be inserted to the database is valid. 
> The database's job to check if the data is "logically" valid. For 
> example not to allow a character to be written in an integer field. 

Umm, you are contradicting yourself.  Is this the developer's job or the
DB's?  Besides, what the hecks is logically valid?  To me, February 31
is not "logicall" valid as part of a date.  Yet MySQL happily accepts
it.  By your own definition, MySQL doesn't even accomplish that minimal
part of the job.

> There are libraries in each programming language to do so. As I said, 
> MySQL also supports such things and have its own library of functions 
> which are very powerful, but it is optional and up to the user to use 
> them. Without it, it would be just overhead to database.

Yes.  Because it always better to implement the same duplicate
functionality in 15 random different libraries of varying (and often
dubious) levels of quality and probably little or no optimization
(except for the one or two most popular libraries).  Do you have any
training or education in software engineering?  I really mean
engineering, not CompSci, or a certificate from DeVry or ITT in Visual
Basic.  I mean, do you posses an earned engineering degree?  I would
guess not, but I just want to be sure.

> 5. Again back to your example, yes, the PayPal web site offers you to 
> choose the data by using a combo box and not inserting it manually. So 
> the date which is sent to the database is definitely correct before 

I'm sorry, but this is so off base it is not even funny.  Every here
about SQL injection?  That one single thing is more than ample reason to
make sure that the database properly validates all data.  Now, I
understand that SQL injection can also cause other problems which the DB
cannot identify or prevent.  But still.

> inserting. Many banks and economic organizations use MySQL as their 
> database. I think they do care about the date of their transactions too, 
> don't ya?

OK.  Name one bank or economic organization that uses MySQL for mission
critical financial data.  Just one.  I'll wait.


Roberto C. Sanchez

Attachment: signature.asc
Description: Digital signature

Reply to: