Swedish letters fuck up parsing into SQL query
bauss
jj_1337 at live.dk
Mon Mar 23 14:58:03 UTC 2020
On Monday, 23 March 2020 at 14:26:46 UTC, Anders S wrote:
> On Monday, 23 March 2020 at 13:53:50 UTC, Adam D. Ruppe wrote:
>> My first thought is to!string(cellTab[CellIndex].name) is
>> wrong, if it is a char[20] you should be scanning it to find
>> the length and slicing. Maybe [0 .. name.indexOf("\0")] or
>> whatever.
>>
>> You also shouldn't be building a query by concatenation.....
>
> Hi, thks
>
> do you mean I should loop through each pos till
> strlen(cellTab[CellIndex].name) to find "\0"?
>
> How do you suggest I do the query build then?
This is open to SQL injection.
I thought we were rid of this in this day and age.
Use prepared statements.
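
The two suggestions in this thread (slice the `char[20]` at the first NUL, and bind the value instead of concatenating it), as an added example that is not code from any poster in the thread. It assumes the d2sqlite3 dub package and an in-memory SQLite database, since the thread names no database driver; the `Cell` struct, the `cells` table and the sample name are hypothetical.

```d
import std.stdio : writeln;
import std.string : indexOf;
import d2sqlite3; // assumption: d2sqlite3 dub package; the thread names no driver

// Hypothetical record modelled on cellTab[CellIndex].name from the thread.
struct Cell
{
    char[20] name; // fixed-size, NUL-padded
}

// Slice at the first NUL; with no NUL, all 20 bytes belong to the name.
const(char)[] trimmed(return ref const(char[20]) buf)
{
    immutable end = buf[].indexOf('\0');
    return end < 0 ? buf[] : buf[0 .. end];
}

void main()
{
    // Constructed sample: Swedish letter plus an apostrophe, 12 UTF-8 bytes.
    enum sample = "Åsa O'Brien";
    Cell cell;
    cell.name[] = '\0'; // char.init is 0xFF in D, so pad explicitly
    cell.name[0 .. sample.length] = sample[];
    string name = trimmed(cell.name).idup;

    auto db = Database(":memory:");
    db.run("CREATE TABLE cells (name TEXT)");

    // Concatenation: the apostrophe in the data closes the SQL literal early.
    try
    {
        db.run("INSERT INTO cells (name) VALUES ('" ~ name ~ "')");
    }
    catch (Exception e)
    {
        writeln("concatenated query rejected: ", e.msg);
    }

    // Prepared statement: the value is bound, never spliced into the SQL text.
    Statement insert = db.prepare("INSERT INTO cells (name) VALUES (?)");
    insert.bind(1, name);
    insert.execute();
    insert.reset();

    auto stored = db.execute("SELECT name FROM cells").oneValue!string;
    assert(stored == sample);
    writeln("stored: ", stored);
}
```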