@aurynn yes but I wanted the gentoo freebsd one more

Portage on freebsd would be a dream

@beegrrl have you considered ... making it happen? 😉

@aurynn yes but I don't quite know enough about the ports tree to port portage

@aurynn i worry about that because it would mean re-writing all of the ports makefiles as ebuilds

@beegrrl You're a programmer! Write a program to read Makefile and output ebuild 😄

@aurynn i am *not* a programmer, just a sysadmin for now

My idea of makefile-> ebuild would be "decide if it's gnumake or posix make then run sed"

@beegrrl you're writing your own CMS, how is that not programming

@aurynn so far it's only getting ruby to put data into a database and I've only put a few hours into it. After I'm done with the little tui control panel I'll write some php to display it all

Please don't try running it yet unless it's in a vm. I take no responsibility for any damage I do to your databases

gitlab.com/beegrrl/bloatedblog

@beegrrl I only ever run things in VMs (or Docker). Isolation barrier all the things!

@aurynn looking through it, there are some typos. You might need to fix this one specifically

@aurynn i need to modify some stuff now that I think about it

MySQL doesn't need read access to /tmp because I've dumped the tmpfiles into variables

Hmmm I do need to sanitize though to prevent "Messed Up MySQL" syndrome. Is there a gem for this or does everyone just do it with sed and awk?

@beegrrl People use parameterised queries. Trying to sanitise input to avoid SQL injection is doomed to failure.

@aurynn it's all stuff I'm typing though hmmm

maybe I need to write a function to escape illegal characters and have php reassemble them on the fly

I.e. "replace all instances of " with DUBQUOTE before storing into database, display DUBQUOTE as " to users"

@beegrrl It's good habit to do things the right way from the start, so you don't try to do things the wrong way later in your career

@aurynn i'll needa find some documentation on "best practices for storing illegal characters in a database"

This is the part that gets me pwnd

@beegrrl Parameterised queries! The driver handles wire-level byte count allocation, so unwrapped " never even gets seen by the query handler

@aurynn all I'm seeing on ddg for "parameterized queries" is "don't let users write queries, only variables"

Is it bad practice to do it in a high level language instead of writing prepare statements?

@aurynn @beegrrl also, just use sql variables. They're simpler than whatever you're thinking.