[erlang-questions] Of regexes and REs, and other irritating things...

Loïc Hoguin
Mon Aug 11 11:56:32 CEST 2014


bank_mysql only offers the binary protocol and has a complete lack of 
bundling data inside the query string, or parsing the query string. I am 
not sure what you are talking about.

On 08/11/2014 11:51 AM, Jesper Louis Andersen wrote:
> The only slight problem here is MySQL, which picked a protocol that is
> roughly impossible to handle correctly in any way, unless you parse the
> text strings you have to send to it. I have a hunch that the lack of
> good drivers is deeply tied into the problem of the protocol's shortcomings.
>
>
> On Mon, Aug 11, 2014 at 9:51 AM, Loïc Hoguin wrote:
>
>     On 08/11/2014 06:02 AM, Mike Oxford wrote:
>
>         I need to do some input sanitizing for use against MySQL.
>
>
>     Are you saying you are going to take this data and put it inside a
>     query string? This isn't going to protect anything, escaping doesn't
>     prevent SQL injection. Why not use a prepared statement instead?
>     This makes the data separate from the query, you don't need to do
>     any escaping and MySQL takes care of everything for you. Also make
>     sure you are using the *binary* protocol, not the *text* one, and
>     you're pretty much set.
>
>     --
>     Loïc Hoguin
>     http://ninenines.eu
>
>
>
>
>
> --
> J.

-- 
Loïc Hoguin
http://ninenines.eu
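
The separation of query and data discussed in this thread can be seen in the two client packets of a MySQL prepared statement. The following is an added example, not code from the thread or from bank_mysql; the module name, the statement id 1 and the sample input are assumptions, and only non-NULL string parameters are handled.

```erlang
%% Added example: client side of a MySQL prepared statement (binary protocol).
%% Hypothetical module; builds packets only, does not talk to a server.
-module(stmt_packets).
-export([prepare/1, execute/2, frame/2, demo/0]).

-define(COM_STMT_PREPARE, 16#16).
-define(COM_STMT_EXECUTE, 16#17).
-define(MYSQL_TYPE_VAR_STRING, 16#fd).

%% COM_STMT_PREPARE payload: command byte, then the SQL text with '?'
%% placeholders. This is the only packet that carries SQL text.
prepare(Sql) when is_binary(Sql) ->
    <<?COM_STMT_PREPARE, Sql/binary>>.

%% COM_STMT_EXECUTE payload: statement id, flags (no cursor), iteration
%% count (always 1), NULL bitmap, new-params-bound flag, types, values.
execute(StmtId, Params) when Params =/= [] ->
    N = length(Params),
    NullBitmap = <<0:(((N + 7) div 8) * 8)>>,
    Types = << <<?MYSQL_TYPE_VAR_STRING, 0>> || _ <- Params >>,
    Values = << <<(lenenc(byte_size(P)))/binary, P/binary>> || P <- Params >>,
    <<?COM_STMT_EXECUTE, StmtId:32/little, 0, 1:32/little,
      NullBitmap/binary, 1, Types/binary, Values/binary>>.

%% MySQL length-encoded integer, used as the prefix of each string value.
lenenc(L) when L < 251 -> <<L>>;
lenenc(L) when L < 16#10000 -> <<16#fc, L:16/little>>;
lenenc(L) when L < 16#1000000 -> <<16#fd, L:24/little>>;
lenenc(L) -> <<16#fe, L:64/little>>.

%% Packet header: 3-byte little-endian payload length, 1-byte sequence id.
frame(Seq, Payload) ->
    <<(byte_size(Payload)):24/little, Seq, Payload/binary>>.

demo() ->
    Input = <<"x' OR '1'='1">>,   % constructed sample input
    Prep = prepare(<<"SELECT id FROM users WHERE name = ?">>),
    Exec = execute(1, [Input]),   % id 1 assumed to come from the server's reply
    %% The input is absent from the SQL packet and present, byte for byte
    %% and unescaped, in the execute packet as a length-prefixed value.
    nomatch = binary:match(Prep, Input),
    {_, _} = binary:match(Exec, Input),
    {frame(0, Prep), frame(0, Exec)}.
```

The server parses the SQL once, from the prepare packet, before any parameter exists; the quotes in the input are never seen by the SQL parser.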


