i use odbc on R12B+unbuntu 8.04+Mysql 5.0.45 +unixODBC+MyOdbc 3.52<br>when i use param_query, i got <span style="color: rgb(255, 0, 0);">"No SQL-driver information available!<br><span style="color: rgb(0, 0, 0);">but sql_query works, as the code below,it's works, but it's maybe cause sql-injection,<br>
how to avoid it?<br><br><br>code:<br></span>handle_call({?PLLOGIN,Uid,Pwd},_From,State) -><br> io:format("PLLogin id:~w Uid:~w Pwd:~w~n",[?PLLOGIN,Uid,Pwd]),<br> [Conn] = State, %% get the connection back from the state<br>
io:format("select cno from customer where cno='"++binary_to_list(Uid)++"' and password='"++binary_to_list(Pwd)++"'"),<br> {ok,IsFound}=odbc:select_count(Conn,"select cno from customer where cno='"++<br>
binary_to_list(Uid)++"' and password='"++binary_to_list(Pwd)++"'"), <br>% {_SltState,IsFound}=odbc:param_query(Conn,"select count(*) from customer where ano=? and password=?",[{{sql_varchar,16},[Uid]},{{sql_varchar,20},[Pwd]}]),<br>
{reply,IsFound, State}.<br>%%it's works<br><br><br></span>4> Uid="root".<br>"root"<br>5> Pwd="123456".<br>"123456"<br>6> odbc:param_query(Conn,"select count(*) from customer where ano=? and password=?",[{{sql_varchar,16},[Uid]},{{sql_varchar,20},[Pwd]}]).<br>
{error,<span style="color: rgb(255, 0, 0);">"No SQL-driver information available.</span>"}<br>7> odbc:sql_query(Conn,"select version()").<br>{selected,["version()"],[{"5.0.45-3ubuntu1"}]}<br>
8> odbc:sql_query(Conn,"select * from customer"). {selected,["cno","ano","cname","score","money","regdate",<br> "password","status","memo","passwderrortimes","currency",<br>
"email"],<br> [{"root"," "," ","0.00","0.00",null,"123456","normal",null,<br> null,"RMB",null}]}<br>
<br>Wenew Zhang<br>