Database of practicality will be an important factor for development of D language in the future
Jack Applegame via Digitalmars-d
digitalmars-d at puremagic.com
Mon Feb 6 08:51:42 PST 2017
On Thursday, 2 February 2017 at 13:28:48 UTC, Shachar Shemesh wrote:
> On 02/02/17 14:50, Adam D. Ruppe wrote:
>> On Thursday, 2 February 2017 at 05:33:57 UTC, FrankLike wrote:
>>> For example, I want to do the execution of stored procedure for
>>> MSSql, MySQL database. I found in Mysql-d, Mysql-Native, arsd, DDBC,
>>> etc. there is no result.
>>
>> db.query("CALL my_procedure(args...)");
>
> Generally speaking, you really don't want to do that. Ever.
> This code is how SQL injection vulnerabilities are born.
>
> Arguments should ALWAYS be passed out of line of the actual
> call command, so that the server has no chance of confusing
> arguments and commands.
>
> Sadly, that typically requires a DB library specific to the DB
> in use.
>
> Shachar
Do you really think that Adam does not know what SQL injection is?
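
The difference between in-line and out-of-line arguments raised in the quoted reply, shown as an added example that is not part of the original thread. It assumes Python's built-in sqlite3 as a stand-in for MySQL/MSSQL; SQLite has no stored procedures, so a SELECT takes the place of the CALL, and the table, data and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: three accounts in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("alice", 100), ("bob", 250), ("O'Brien", 75)],
    )
    return conn

def balances_inline(conn, owner):
    # In-line: the argument becomes part of the command text, so the
    # server parses whatever the caller supplied as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '%s'" % owner
    return conn.execute(sql).fetchall()

def balances_bound(conn, owner):
    # Out of line: the command text is fixed, and the argument travels
    # separately as a bound value that is never parsed as SQL.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()

def compare(conn, owner):
    """Return (inline_result, bound_result); a parse failure is reported as a string."""
    try:
        inline = balances_inline(conn, owner)
    except sqlite3.OperationalError as exc:
        inline = "error: %s" % exc
    return inline, balances_bound(conn, owner)

if __name__ == "__main__":
    db = make_db()
    # A plain name, a legitimate name containing a quote, and a value
    # whose quote changes the meaning of the in-line statement.
    for value in ("alice", "O'Brien", "nobody' OR '1'='1"):
        inline, bound = compare(db, value)
        print(repr(value), "| inline:", inline, "| bound:", bound)
```

The in-line form fails on the legitimate name "O'Brien" and returns every row for the third value, while the bound form treats both as plain data.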