Swedish letters fuck up parsing into SQL query

Anders S anders at xore.se
Mon Mar 23 15:16:24 UTC 2020


On Monday, 23 March 2020 at 14:58:03 UTC, bauss wrote:
> On Monday, 23 March 2020 at 14:26:46 UTC, Anders S wrote:
>> On Monday, 23 March 2020 at 13:53:50 UTC, Adam D. Ruppe wrote:
>>> My first thought is to!string(cellTab[CellIndex].name) is 
>>> wrong, if it is a char[20] you should be scanning it to find 
>>> the length and slicing. Maybe [0 .. name.indexOf("\0")] or 
>>> whatever.
>>>
>>> You also shouldn't be building a query by concatenation.....
>>
>> Hi, thanks
>>
>> do you mean I should loop through each pos till 
>> strlen(cellTab[CellIndex].name) to find "\0"?
>>
>> How do you suggest I do the query build then?
>
> This is open to sql injection.
>
> I thought we were rid of this in this day and age.
>
> Use prepared statements.

Yes, true; however, I'm in early development and want to get a red 
line working, then take care of the issues ;)
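
An added example, not part of the thread and not the poster's D code: the two pieces of advice quoted above (slice the fixed-size name field at the first NUL, and bind values instead of concatenating them) shown together. Python with an in-memory SQLite database stands in for the poster's D program and database; the `cells` table, the function names and the sample names are assumptions constructed for illustration.

```python
import sqlite3

FIELD_SIZE = 20  # mirrors the char[20] name field mentioned in the thread


def pack_name(name: str) -> bytes:
    """Build a NUL-padded fixed-size field, as a C struct would hold it."""
    raw = name.encode("utf-8")
    if len(raw) > FIELD_SIZE:
        raise ValueError("name does not fit in the field")
    return raw.ljust(FIELD_SIZE, b"\x00")


def unpack_name(field: bytes) -> str:
    """Slice at the first NUL before decoding, so padding never reaches SQL."""
    end = field.find(b"\x00")
    return (field if end == -1 else field[:end]).decode("utf-8")


def insert_concatenated(conn: sqlite3.Connection, name: str) -> bool:
    """The pattern the thread warns about: data spliced into the SQL text."""
    try:
        conn.execute("INSERT INTO cells (name) VALUES ('" + name + "')")
        return True
    except sqlite3.OperationalError:
        return False  # the data changed the statement's syntax


def insert_prepared(conn: sqlite3.Connection, name: str) -> None:
    """Placeholder binding: the name is always treated as a value."""
    conn.execute("INSERT INTO cells (name) VALUES (?)", (name,))


def demo() -> dict:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE cells (name TEXT)")
    outcome = {}
    for sample in ("Växjö", "Åsa's cell"):  # constructed sample names
        name = unpack_name(pack_name(sample))
        outcome[sample] = insert_concatenated(conn, name)
        insert_prepared(conn, name)
    outcome["rows"] = [r[0] for r in conn.execute("SELECT name FROM cells ORDER BY rowid")]
    return outcome


if __name__ == "__main__":
    print(demo())
```

The Swedish letters survive both paths once the field is sliced and decoded as UTF-8; only the name containing an apostrophe breaks the concatenated statement, while the bound version stores it unchanged.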

