[erlang-questions] Of regexes and REs, and other irritating things...
Loïc Hoguin
essen@REDACTED
Mon Aug 11 09:51:40 CEST 2014
On 08/11/2014 06:02 AM, Mike Oxford wrote:
> I need to do some input sanitizing for use against MySQL.
Are you saying you are going to take this data and put it inside a query
string? This isn't going to protect anything; escaping doesn't prevent
SQL injection. Why not use a prepared statement instead? This makes the
data separate from the query; you don't need to do any escaping, and
MySQL takes care of everything for you. Also make sure you are using the
*binary* protocol, not the *text* one, and you're pretty much set.
--
Loïc Hoguin
http://ninenines.eu
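An added example, not code from the thread: the same lookup written by pasting the value into the SQL text (with the naive quote-doubling "sanitizer" the poster is considering) and written with a placeholder, run against an in-memory SQLite table that stands in for MySQL here so it runs offline. The placeholder form is the separation Loïc describes; with a real MySQL driver the prepared statement carries the value over the binary protocol instead of in the query string.

```python
import sqlite3

# Constructed sample table; not data from the original thread.
ROWS = [(1, "alice", "alice@example.org"), (2, "bob", "bob@example.org")]


def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", ROWS)
    return conn


def escape_quotes(value):
    """The kind of 'sanitizer' the poster has in mind: double single quotes."""
    return value.replace("'", "''")


def lookup_by_id_escaped(conn, user_id):
    # Escaping is applied, but the value is still pasted into the SQL text.
    # In a numeric context there are no quotes to escape, so the sanitizer
    # changes nothing and the input becomes part of the WHERE clause.
    sql = "SELECT name FROM users WHERE id = " + escape_quotes(user_id)
    return [row[0] for row in conn.execute(sql)]


def lookup_by_id_param(conn, user_id):
    # Parameterized: the driver hands the value to the engine separately
    # from the SQL text, so it can only ever be compared as a value and
    # never alters the structure of the statement.
    cur = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in cur]


if __name__ == "__main__":
    db = setup_db()
    hostile = "1 OR 1=1"  # constructed input that widens the concatenated query
    print(lookup_by_id_escaped(db, hostile))  # ['alice', 'bob']: whole table leaks
    print(lookup_by_id_param(db, hostile))    # []: compared as a value, matches nothing
    print(lookup_by_id_param(db, "2"))        # ['bob']
```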