Re: CL pgm and pointer variables

[Hans Boldt <boldt@xxxxxxxxxx>]

Steve Richter wrote:
> Of course I validate input, just as an appl programmer should!  I am being
> minimal in  my example for the purpose of clarity. To add validatation to
> example I describe a 3rd array could be added.  The 1st array contains data
> pointers to the pgm variables to be populated, the 2nd array contains the
> field names of those variables as appears in the stdin stream received from
> the browser and the 3rd array contains error information retrieved when the
> stdin char data ( "fld1=22.5&fld2=abc+efg&...." ) could not be mapped into
> the data pointer addressed variable.
>
> I challenge you or others to show how this very important and common task of
> mapping data from the browser stdin stream into variables in a program could
> be done as directly and efficiently as can be done with data pointers.
First, if I recall correctly, data pointers are not terribly
efficient. (Which is just one reason why data pointers aren't put to
more use.) Compilers can always generate more efficient code when
all data types involved in an expression are known at compile-time.
(Not that performance is all that important in a CGI app, since I/O
latencies are clearly more important in such apps.)

Second, the conversion of a character value to the appropriate data
type typically involves only a single assignment anyways, for example:
   fld1 = %dec(envvar('fld1'):7:2);
   fld2 = envvar('fld2');
And so not a lot of code is saved by using some common mechanism. In
fact, if three arrays need to be set up to be able to use a common
routine, I suspect that would require even more coding!

My point is that the subsequent validation is (or often should be)
more coding anyways, and typically involves testing the range of
values, invalid characters, possible security exploits, etc.
Furthermore, the testing is generally specific to each input, which
again limits the usefulness of common validation code.

Cheers!  Hans