On Tue, Aug 26, 2008 at 4:46 AM, Peter Tilbrook wrote: > Just got nailed myself - dammit - 15 years of knowledge.
There are at least 2 tools available that will search through your code looking for unparamed variables, and I think Larry posted a simple regex that you could use from within Eclipse. Those will help. I actually got a little nutty and wrote my own tool, that does a bit of database introspection, rewrites the query using the correct cfsqldatatypes, and then tests the query. Kinda cool, wasn't too hard, conceptually-- you have the DSN right there. It doesn't work with stored procedures (which shouldn't matter, 'cause I think they are type-checked by the DB first anyways), although, I was thinking (about something Jochem said about the difficulty of introspecting stored procedures and whatnot, sorta) that since I think the DB will give you the source for the procedure or function, you could use /that/ to introspect them, and create ORM type deals. RIght? You would have to code stuff for each DB (or at least the most popular at first), which is a little sucky, but I think unavoidable. There are certainly similarities between DBs tho, which would make it a tad easier. Probably just pie-in-the-sky type thinking, ignoring some fundamental problem, but it sounds kind of plausible. Anyways, half-way through coding my thing, I was like, damn, this would have been a perfect use for ANTLR! There are even grammar files for SQL, which would make parsing that easier. Oh well. Maybe the next version. LOL. After I finish this one. I'm still messing with the UI for it- uses dojo (of course) with a nice split screen, the top half has a tree control for browsing the files and folders with unparamed queries, and the bottom half actually shows you the source that would change, assuming the query passes the test. Still need to add de-select, so you can ignore directories, files, or individual queries, and then I'll probably post a link to it. I started getting a little excited while coding it, thinking about the... what was it called? Ah, yes- coding standards/review. I remember Will had posted a tool, and I had been toying with creating a tool for managing the attributes (hint, access, etc..) of functions/CFCs myself... wouldn't it be nice to have a tool that would do everything (format code, check for unvared variables, maybe even allow for drag-and-drop moving of functions/refactoring? (Ok, that's kinda extreme, but it was an exciting thought.)). Maybe tie it into the SVN stuff, even? Heh. I began thinking about getting all wiggy with it, because I wrote the code in a pretty sloppy manner (switching between camelCase and all lowercase, cutting/pasting functions and not changing the hint attribute, etc.), and was like, "hell, I could tweak this tool to tweak itself". And then every time I switched between styles, I was, like, hey, I'm creating a test-case! LOL. Something like that. It would be pretty easy, as it currently is, to have the tool replace queries like "SELECT * FROM sometable" with the actual column names, for instance, or even do things like refactor queries, changing column or table names... I grab the DSN metadata, and parse the SQL into table names and column names, so it's all there. I need a bunch more "bad" query test cases, for various DB dialects, but I'm thinking I'll link up with the group I saw at some point (maybe it was just a blog post, now that I think about it), that's specifically targeting the prevention of injection attacks, and see if we can't get a nice set of cross-database testcases to use for tools like this. So, in the end I hope to have a source-code maintenance type tool, as I think it sounds kind of cool. Over time, it looks like it would become a freaking web-based IDE. :-)p Heh... I started thinking about how I could pull off some cool DB/query stuff within CFEclipse again, while messing around with this stuff. But I digress... LOL. :)e|\| -- Haste is of the Devil. St. Jerome ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Adobe® ColdFusion® 8 software 8 is the most important and dramatic release to date Get the Free Trial http://ad.doubleclick.net/clk;203748912;27390454;j Archive: http://www.houseoffusion.com/groups/CF-Talk/message.cfm/messageid:311626 Subscription: http://www.houseoffusion.com/groups/CF-Talk/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.4
