Swedish letters fuck up parsing into SQL query

Steven Schveighoffer schveiguy at gmail.com
Tue Mar 24 12:12:12 UTC 2020


On 3/24/20 7:15 AM, matheus wrote:
> On Monday, 23 March 2020 at 15:41:50 UTC, Adam D. Ruppe wrote:
>> On Monday, 23 March 2020 at 15:15:12 UTC, Anders S wrote:
>>> I'm creating a connection to the db and conn.exec(sql)
>>
>> It depends on the library but it is almost always easier to do it 
>> right than to do it the way you are.
>>
>> like with my lib it is
>>
>> db.query("update celldata set name = ?", new_name);
> 
> I'm not the OP but I have a question, isn't this passive to SQL 
> injection too, or your LIB will handle this somehow?

I haven't seen the code, but I'm going to guess this is using prepared 
statements with the given string as a parameter. This is what 
mysql-native does.

-Steve
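
The difference between splicing a value into the SQL text and passing it as a `?` parameter, as an added example that is not part of the original post and is not code from Adam's library or mysql-native. It uses Python's sqlite3 as a stand-in because it runs without a server; the table schema, the `WHERE id = ?` clause and the sample values are constructed assumptions.

```python
import sqlite3

# Constructed sample values: Swedish letters, an apostrophe, a quote plus comment.
SAMPLES = [
    ("swedish", "Åsa Öberg"),
    ("apostrophe", "Söder's cell"),
    ("comment", "x' --"),
]

def make_db():
    """In-memory table with two rows (assumed schema for celldata)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE celldata (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO celldata VALUES (?, ?)",
                     [(1, "cell-a"), (2, "cell-b")])
    return conn

def names(conn):
    return [r[0] for r in conn.execute("SELECT name FROM celldata ORDER BY id")]

def update_concat(conn, cell_id, new_name):
    # Value spliced into the SQL text: the database parses it as SQL.
    conn.execute("UPDATE celldata SET name = '" + new_name +
                 "' WHERE id = " + str(cell_id))

def update_bound(conn, cell_id, new_name):
    # Value sent as a parameter: it is only ever treated as data.
    conn.execute("UPDATE celldata SET name = ? WHERE id = ?", (new_name, cell_id))

def demo():
    """Run each sample through both functions on a fresh database."""
    results = {}
    for label, value in SAMPLES:
        row = {}
        for fn in (update_concat, update_bound):
            conn = make_db()
            try:
                fn(conn, 1, value)
                row[fn.__name__] = names(conn)
            except sqlite3.Error as exc:
                row[fn.__name__] = "error: " + type(exc).__name__
            conn.close()
        results[label] = row
    return results

if __name__ == "__main__":
    for label, row in demo().items():
        print(label, row)
```

With the concatenated statement the apostrophe sample fails to parse and the comment sample rewrites every row; with the bound parameter all three values are stored verbatim in row 1 only.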

