...bout it? In other words, the only problems with eval are the same with SQL queries and other techniques that use user input directly? – Jay Apr 3 '10 at 13:59 10 ...

... and load it as required. This means that you can keep templates in files, SQL databases, or any other kind of storage that you want to use. Ruby distributions also include a command-line utility that enables you to process templates that are held in files without writing any additional code. Logica...

.../evil because it's treating unparamaterized data as code (this is why XSS, SQL injection, and stack smashes exist). @S.Lott: "It's only insecure if you are surrounded by evil sociopaths who are looking for ways to subvert your application." Cool, so say you make a program calc, and to add numbers it...

...og in again. It's fairly scalable - if you store it in a database, its one SQL statement executed, and with the correct indexes, it should take very little time to execute, even with multiple simultaneous users. Load testing here would definitely help though. If I read the question correctly, this w...

...it would in any other code). A very common case where this happens is java.sql.Connection.close(). As an aside, I am guessing that the code sample you have used is merely an example, but be careful of putting actual logic inside a finally block. The finally block is intended for resource clean-up (...

... of error handling based on the abstractions - for example, you handle all SQL-related errors in your data access code so that the part of the application that is interacting with domain objects is not exposed to the fact that there is a DB under the hood somewhere. There are a few related code sme...

... improper interpretation of user data (in this case, the string "Null") in SQL queries in various languages, including ColdFusion. It is not clear from the question that this is the source of the problem, and given the solution noted in a comment to the first answer (embedding the parameters in a s...

... means you can use the handy mongoDB $in clause, which works just like the SQL version of the same. model.find({ '_id': { $in: [ mongoose.Types.ObjectId('4ed3ede8844f0f351100000c'), mongoose.Types.ObjectId('4ed3f117a844e0471100000d'), mongoose.Types.ObjectId('4ed3f18132...

...son why app developers don't use object database management systems (aka NoSQL databases!) more widely is because of the investment in RDBMSs. Most of the time the database (not the database management system) is a mid-tier object model often involving distributed caches. This is where deletion casc...

...t be the best way of doing it but for someone used to RD (I'm also used to SQL) it's the fastest way to get productive. Since there is no constraints in regards to schema, you can whip up something that works and once you have the bandwidth to work on the most efficient way, you can change things ar...