lua-users home
lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

On Sat, Apr 22, 2017 at 11:46 AM, Dirk Laurie <> wrote:
> I.e. you should do "pcall(string.match,str,pat)" instead of str:match(pat)
> whenever either "str" or "pat" is not under your control.

Well, there is just the original C string matching code (lifted
carefully using a MIT license) and so the Rust equivalent would be
'all matches may fail with an error'. Currently it's just panicking
which is bad, man.  Not too bad really, but if I had static validation
then I _know_ the matcher will not fail - and so you would fail up
front when making the matcher struct, rather than any match on that

Excellent, sir! Required reading for anybody passing around unescaped SQL.