Database of practicality will be an important factor for development of D language in the future
Shachar Shemesh via Digitalmars-d
digitalmars-d at puremagic.com
Thu Feb 2 05:28:48 PST 2017
On 02/02/17 14:50, Adam D. Ruppe wrote:
> On Thursday, 2 February 2017 at 05:33:57 UTC, FrankLike wrote:
>> For example, I want to do the execution of stored procedure for
>> MSSql、MySQL database. I found in Mysql-d, Mysql-Native, arsd, DDBC,
>> etc. there is no result.
>
> db.query("CALL my_procedure(args...)");
Generally speaking, you really don't want to do that. Ever. This code is
how SQL injection vulnerabilities are born.
Arguments should ALWAYS be passed out of line of the actual call
command, so that the server has no chance of confusing arguments and
commands.
Sadly, that typically requires a DB library specific to the DB in use.
Shachar
More information about the Digitalmars-d
mailing list