On Mon, 14 Sep 2020 16:37:06 +0200, Björn Lundin wrote:

> Den 2020-09-12 kl. 19:54, skrev Martin Gregorie:
>
> 
> Interesting, I did not know the VAX thing.
> I'm pretty sure we used RDB on VAX before I was employed,
> but I'm not sure if they used prepare or not.
>
RDB - That was the name I was trying to remember!

At the time (late -80s, early 90s) the only interface between DEC COBOL
and RDB was a procedure you wrote, using its own language. It provided
COBOL-compatible call interfaces and a way to specify the query to RDB -
using a sort of pseudo-English that EC called Structured Query Language,
nothing like the semi-mathematical syntax of SQL as we know it.

The DEC SQL module was then compiled and staticlally linked with the
COBOL program that called it.

In short, if you ever used IDMS, which preceded the first Codd's first
RDBMS implementation you'd not miss the similarities between the way that
IDMS and RDB handled the interface to their respective databases.

In the flavour of IDMS (ICL IDMSX on the 2900) I used, the DB Admin used
an IDMS schema preprocessor to generate a COBOL module from the schema.
This provided the interface between your program and the database server.

When you wrote your COBOL application you specified DB access using a set
of COBOL statements that contained IDMS-specific verbs and that accessed
COBOL variables. A second preprocessor converted these statements into
compilable COBOL that called the code generated by the IDMS schema
processor. This was a very nice way to do it from the application
programmers viewpoint since all the code he wrote looked exactly like
normal COBOL, though with a few additional verbs.

>
> My main reason to reply was just to say that I think performace was the
> reason for prepare - not to prevent injection.
>
Sounds reasonable, and very useful when it also turned out to be a good
way to nullify SQL injection attacks.


--
Martin    | martin at
Gregorie  | gregorie dot org

--- SoupGate-Win32 v1.05