[erlang-questions] Of regexes and REs, and other irritating things...
Loïc Hoguin
essen@REDACTED
Mon Aug 11 11:56:32 CEST 2014
bank_mysql only offers the binary protocol and has a complete lack of
bundling data inside the query string, or parsing the query string. I am
not sure what you are talking about.
On 08/11/2014 11:51 AM, Jesper Louis Andersen wrote:
> The only slight problem here is MySQL, which picked a protocol that is
> roughly impossible to handle correctly in any way, unless you parse the
> text strings you have to send to it. I have a hunch that the lack of
> good drivers is deeply tied into the problem of the protocol's shortcomings.
>
>
> On Mon, Aug 11, 2014 at 9:51 AM, Loïc Hoguin <essen@REDACTED> wrote:
>
>> On 08/11/2014 06:02 AM, Mike Oxford wrote:
>>
>>> I need to do some input sanitizing for use against MySQL.
>>
>> Are you saying you are going to take this data and put it inside a
>> query string? This isn't going to protect anything, escaping doesn't
>> prevent SQL injection. Why not use a prepared statement instead?
>> This makes the data separate from the query, you don't need to do
>> any escaping and MySQL takes care of everything for you. Also make
>> sure you are using the *binary* protocol, not the *text* one, and
>> you're pretty much set.
>>
>> --
>> Loïc Hoguin
>> http://ninenines.eu
>
> --
> J.
--
Loïc Hoguin
http://ninenines.eu
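
The text/binary distinction discussed in this thread, shown at the wire level as an added example (not part of any message above and not bank_mysql code): the same input sent as a `COM_QUERY` string and as a `COM_STMT_EXECUTE` parameter. The table and column names, the statement id `1` and the input value are constructed; the layout assumes the classic `COM_STMT_EXECUTE` format without query attributes and only non-NULL string parameters.

```erlang
%% Added example, not bank_mysql code: MySQL client packets built by hand.
-module(mysql_wire_demo).
-export([text_query/1, stmt_prepare/0, stmt_execute/2, demo/0]).

-define(COM_QUERY, 16#03).
-define(COM_STMT_PREPARE, 16#16).
-define(COM_STMT_EXECUTE, 16#17).
-define(MYSQL_TYPE_VAR_STRING, 16#fd).

%% Framing: 3-byte little-endian payload length, then a 1-byte sequence id.
packet(Seq, Payload) ->
    <<(byte_size(Payload)):24/little, Seq:8, Payload/binary>>.

%% Length-encoded integer that prefixes string values in the binary protocol.
lenenc(N) when N < 251        -> <<N>>;
lenenc(N) when N < 16#10000   -> <<16#fc, N:16/little>>;
lenenc(N) when N < 16#1000000 -> <<16#fd, N:24/little>>;
lenenc(N)                     -> <<16#fe, N:64/little>>.

%% Text protocol: the value becomes part of the SQL text the server parses.
text_query(Name) ->
    Sql = <<"SELECT id FROM users WHERE name = '", Name/binary, "'">>,
    packet(0, <<?COM_QUERY, Sql/binary>>).

%% Binary protocol, step 1: the SQL is sent once, with a placeholder only.
stmt_prepare() ->
    packet(0, <<?COM_STMT_PREPARE, "SELECT id FROM users WHERE name = ?">>).

%% Binary protocol, step 2: parameters follow a fixed header as typed,
%% length-prefixed values. This packet contains no SQL text at all.
stmt_execute(StmtId, [_ | _] = Params) ->
    NullBitmap = binary:copy(<<0>>, (length(Params) + 7) div 8),
    Types  = << <<?MYSQL_TYPE_VAR_STRING, 0>> || _ <- Params >>,
    Values = << <<(lenenc(byte_size(P)))/binary, P/binary>> || P <- Params >>,
    packet(0, <<?COM_STMT_EXECUTE, StmtId:32/little,
                0,                 % flags: no cursor
                1:32/little,       % iteration count, always 1
                NullBitmap/binary,
                1,                 % new-params-bound flag: types follow
                Types/binary, Values/binary>>).

demo() ->
    Name = <<"x' OR '1'='1">>,     % constructed input containing quotes
    <<_:4/binary, ?COM_QUERY, Sql/binary>> = text_query(Name),
    <<_:4/binary, ?COM_STMT_EXECUTE, _:9/binary, 0, 1,
      ?MYSQL_TYPE_VAR_STRING, 0, Len, Value:Len/binary>> = stmt_execute(1, [Name]),
    io:format("COM_QUERY SQL text:  ~s~n", [Sql]),
    io:format("COM_STMT_EXECUTE parameter (~b bytes): ~s~n", [Len, Value]),
    {Sql, Value}.
```

`mysql_wire_demo:demo()` prints the SQL text the server would parse in the first case, where the quotes in the input have become part of the statement, next to the untouched parameter bytes in the second.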