[erlang-questions] Of regexes and REs, and other irritating things...
Jesper Louis Andersen
jesper.louis.andersen@REDACTED
Mon Aug 11 11:51:44 CEST 2014
The only slight problem here is MySQL, which picked a protocol that is
roughly impossible to handle correctly in any way, unless you parse the
text strings you have to send to it. I have a hunch that the lack of good
drivers is deeply tied into the problem of the protocols shortcomings.
On Mon, Aug 11, 2014 at 9:51 AM, Loïc Hoguin <essen@REDACTED> wrote:
> On 08/11/2014 06:02 AM, Mike Oxford wrote:
>
>> I need to so some input sanitizing for use against MySQL.
>>
>
> Are you saying you are going to take this data and put it inside a query
> string? This isn't going to protect anything, escaping doesn't prevent SQL
> injection. Why not use a prepared statement instead? This makes the data
> separate from the query, you don't need to do any escaping and MySQL takes
> care of everything for you. Also make sure you are using the *binary*
> protocol, not the *text* one, and you're pretty much set.
>
> --
> Loïc Hoguin
> http://ninenines.eu
>
> _______________________________________________
> erlang-questions mailing list
> erlang-questions@REDACTED
> http://erlang.org/mailman/listinfo/erlang-questions
>
--
J.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://erlang.org/pipermail/erlang-questions/attachments/20140811/09cc69b0/attachment.htm>
More information about the erlang-questions
mailing list