Apparently, in the fictional 23rd century relational databases and SQL are still in use not only by the United Federation of Planets but also by alien probes from the future! Normally Star Trek creates some technobabble gibberish for this sort of thing, so I certainly found this line surprising. Perhaps the writers thought it was just gibberish or that it would sound like gibberish to the average person.

But anyone who uses databases knows that SQL Injections can be a real issue. A SQL Injection refers to an issue when your app inadvertently allows a user to inject their own SQL into one of its database queries. Read this post on how to avoid them.

Essentially, it can occur when you use standard string concatenation to create an SQL query from user-provided text. If you prompt the user for a name so you can show their tasks, for example then you’d normally get SQL like this:

SELECT * FROM Task WHERE Name = 'Paul';

But what if the user provides malicious input, such as this: Paul’ OR 1

Then your concatenation code might create SQL like this:

SELECT * FROM Task WHERE Name = 'Paul' OR 1;

And this will return a lot more data. Obviously this is a simple example, but this type of exploit can be much more sophisticated. And apparently also something that alien probes from the future might try to use.

You can avoid this problem by taking advantage of a feature called database binding so that you do not use string concatenation to generate the SQL. With Xojo you do this by creating a prepared statement with placeholders for input strings and then let the database create the query itself using binding. So the SQL might look something like this:

SELECT * FROM Task WHERE Name = ?

Read the User Guide topic to more about how to avoid SQL injection by using prepared statements with your Xojo database code:

UserGuide:SQL Injection

And of course, relevant XKCD.

A quick Google search turned up an API by FunTranslations: https://funtranslations.com/api/klingon

It has simple usage where you send along the text in English and you get back a JSON result containing the text translated to Klingon. Here’s the result of my 15 minutes of effort to use this in a Xojo desktop app:

This is a pretty simple project with less than 20 lines of code.

You can recreate the layout using a couple TextFields and a Button. I used URLConnection to connect to the web service. You can also add that to the layout by dragging an Object from the Library and changing its Super property to “URLConnection”. I named this object “KlingonAPI”.

In the Button’s Action event the code sets up the call to the web service using the text entered in the first TextArea:

Dim url As String = "https://api.funtranslations.com/translate/klingon.json"

Dim param As String = "text=" + EncodeURLComponent(EnglishArea.Text)

KlingonAPI.SetRequestContent(param, "application/x-www-form-urlencoded")
KlingonAPI.Send("POST", url)

In the KlingonAPI URLConnection object, add the ContentReceived event. This code grabs the translated Klingon text from the JSON and displays it in the 2nd TextArea:

Try
  Dim json As New JSONItem(content)
  Dim contents As JSONItem
  contents = json.Value("contents")
  Dim klingonTranslation As String = contents.Value("translated")
  KlingonArea.Text = klingonTranslation
Catch e As JSONException
  MsgBox("Error processing API call. Content=" + content)
End Try

You can also add the Error event and have it display an error in case there’s a problem with the API call:

MsgBox("API Error: " + e.Message)

And that’s all there is to it.

You can download the project from here: KlingonTranslator Project, just remember some things can’t be translated!

I’ll leave it up to you to implement a Klingon to English translator, although you may want to make that a mobile app in case you are ever teleported to the bridge of a Klingon vessel.

Qapla’