[AppDB] Make screen shots safe from SQL injection

Tony Lambregts tony.lambregts at gmail.com
Tue Jun 27 16:10:55 CDT 2006


Chris Morgan wrote:
>>>As we've discussed before I'd rather we did a single full pass of manual
>>>testing than several full passes.  It saves us time in that we don't have
>>>to test the same things repeatedly like we would have to do when making
>>>changes to things like classes that are used all over the code.
>>
>>Your logic is flawed and only applies if the patch has no bugs. By breaking
>>up the patch into smaller pieces you save time in testing when there are
>>problems.
>>
> 
> 
> When were you going to report the issue with query_parameters() that I found 
> the other day and sent in a unit test and patch for? 

Huh? Perhaps I would not have found it. It is good you caught a bug in your own code.

> Why do projects like 
> Wine have automated tests instead of manual ones? I think we want to mirror 
> successful projects like this by automating our testing.  Manual testing may 
> catch some bugs but it is always going to be more time consuming and less 
> reproducible.
>
You still seem to be under the impression I am against automated testing. It is not a case of Manual vs Automated testing. Yes Wine 
has automated testing but it does not prevent regressions occurring. Wine has literally hundreds of manual testers that use bugzilla 
and the AppDB to report how well Wine is doing. With Wine if a regression occurs at least the user has the option of using a 
previous version. Users of the AppDB do not have that option.

There are lots of times that people have asked someone to break up a patch. In fact, it is in our documentation that it is considered 
best practice to keep patches small.

http://www.winehq.org/site?page=sending_patches.
http://www.winehq.org/site/docs/winedev-guide/style-notes

> As I've said before, manual testing is ok but isn't likely to be as good as 
> automated testing.  That function is used in all sql calls.  Modifying it 
> should mean that we have to check EVERY sql call in the appdb.
> 
To me if you are making a change to a function that is used "everywhere" then that goes into a patch by itself because we should 
test everywhere it is called.

Automated testing is only as good as the things it tests. If the test is flawed then it won't catch a bug and can give a false sense 
of security. Manual testing is only as good as the tests that the person does. Yes manual testing can be consuming but it is 
flexible. Neither are ideal.

I see that you have committed that patch while we were still discussing it. That tells me that my opinion just does not matter to you 
and you do not respect me.

I really hope that you tested it through and through.

--

Tony Lambregts



