The Foursquare Blog

Spent most of today reading through the various websites for for C++ wrappers of SQL databases. The best ones, in my opinion, are the official ones: mysql++ and libpqxx (was libpq++, but official now (2025) is libpqxx). Unfortunately, these are both tied strictly to their specific databases and are not database independent.

Also in the mix are DBConnect and GQL. Both are rather pointer-happy, but at least DBConnect encourages use of it's own smart pointer to avoid copious use of delete. On the plus side, they are database-independent.

Only mysql++ has the SSQLS feature. What is that you ask? It is a mechanism whereby you can easily create structures that mirror your database tables, and then go around using them as members of container objects, and doing things like:

query.insert(row_data);

This makes the library code extremely hairy (so hairy that it motivated a fork of the code a few years ago), but gives the advantage of enabling the compiler to check your field names, localizing your C++-to-SQL linkage in one place, and letting the library take care of generating properly escaped SQL code.

So far, my research confirms that the free software community still lacks a proper database independent C++ SQL library that shields the programmer as much as possible from quoting issues. As always, please email me if you know better.

Cool Program of the Day

Unpaste is a program by Jeroen Vermeulen that attempts to find repeated code in your C, C++, and Java programs. It is a work in progress, but already useful. It scans all the files you give it, and detects duplication even with name changes or differences in const.

[Edited to fix and remove broken links]

boog, your Snippets project is cool, but it's not a new idea. It reminds me of a similar project with the same name which I ran across back in the days I used to be a regular FidoNet user. It was run by a fellow named Bob Stout. Here is his original Snippets archive (archive.org) (github).

The license of each of the contributions varies with the contributor, but they are all freely available for use last time I checked.

You might consider joining forces with Bob Stout and combining your efforts to produce one large repository (perhaps mirrored on both sites). Not sure if you tried this already, but it would appear that the original Snippets site could use a little help.

Fun

While perusing the site, I found a link to The Parable Of Two Programmers (alternate link). Excellent read.

C++ and the Web

After writing a dynamic website for a client in PHP, I was struck by the lack of help that the language and interpreted nature of PHP gives a programmer for dealing with large sites. Also, I'm amazed at how many XSS and SQL injection attacks I see for PHP websites posted on Bugtraq. It reminds me of the arguments against C I used hear from anti-C people, who used to blame buffer overflows on the language. At the time, I thought it wasn't right to blame the language when it was the programmer's fault, but now I'm on the other side of the fence, taking a step backward (in my opinion) from the safety of C++ to the wild west of PHP.

And the problems with C pointed out in the past by security-conscious language bigots :-) are all "fixed" in PHP. There are no buffer overflows. There are no memory leaks. There are no real number size issues.

Instead, I'm now on the bigot side, and really missing strict type checks, and really missing a compiler to check all syntax. Wondering how people manage with this.

So I got to thinking, and I'm trying to design a PHP clone in C++. I'm writing about it now so that people can head me off at the pass if something like this already exists. My goals are to make it nearly impossible, or at least harder, for a programmer to put XSS or SQL injection bugs into their websites. Make the compiler check for these things. That's what C++ is for anyway.

Perhaps C++ can give the same structure and organization to a website that it gives to a large local application.

Some of these ideas were inspired by Joel Spolsky's article referenced by ncm's recent post, which referenced titus's recent post. I agree with Nathan, but Joel's article did get me thinking. His type method should fit nicely into C++, where everything is a type, and instead of the programmer doing the checking by reading "wrong" code, the compiler will do it, and enforce it.

So that's my idea, which I plan to call CPPHP. I hope to have some code someday soon that actually works. Right now I'm just prototyping my design. If this already exists somewhere, or if you just want to send feedback, please email me.

Edited to add:

I just want to plug John Torjo's win32gui library, which has some ambitious aims for programming GUI's with C++. If that could be done for the web, that would a wonderful advance.

[Edited to fix some broken links]