Re: Printf and quoting in general, SQL injection in particular [was: Emacs Modular Configuration: the preferable way]

[Jean Louis]

* Emanuel Berg <moasenwood@zoho.eu> [2021-06-26 02:50]:
> Jean Louis wrote:
> 
> > To summarize, it is better to use file related functions
> > whenever possible, checking if it is directory, using
> > functions like `file-name-as-directory' and so on.
> 
> Yes, of course.
> 
> > (format "%s/%s/" (rcd-crm-directory-by-id) id))
> > (concat (rcd-crm-directory) "/" (cadr (rcd-crm-directory-data))))
> > (concat (rcd-crm-directory) "/" (cadr (rcd-crm-directory-data))))
> 
> Is this what you are not allowed to do?
> 
> I ask because it looks similar to mine, only not as good,
> perhaps. Ha.
> 
> OK, how is it suppose to look then?

I think by using file- related functions:

(defun doi-file-find (md5)
  "Return existing MD5 file for Double Opt-In.confirmation or NIL."
  (let ((file (concat (file-name-as-directory doi-directory)
                      (file-name-as-directory (substring md5 0 
doi-substring-to))
                      md5)))
    (if (file-exists-p file) file nil)))

in that case `file-name-as-directory' is protecting the case of
vraiable `doi-directory' not to have slash on the and.

Before I have used my function:

(defun slash-add (path)
  "Adds slash `/` quickly on the end of string"
  (if (string= path "")
      "/"
    (let ((last (substring (reverse path) 0 1)))
      (if (string= last "/") path
        (concat path "/")))))

Or

(defun string-add (string add)
  "Returns string 'add' on the end of the string if there is none"
  (let* ((string (replace-regexp-in-string " *" "" string))
         (added (string-match (format "%s$" add) string)))
    (if added string (concat string add))))

When concatenating directory names it is important to take care of slashes.

-- 
Jean

Take action in Free Software Foundation campaigns:
https://www.fsf.org/campaigns

In support of Richard M. Stallman
https://stallmansupport.org/