[erlang-questions] Of regexes and REs, and other irritating things...
Jesper Louis Andersen
Mon Aug 11 11:51:44 CEST 2014
The only slight problem here is MySQL, which picked a protocol that is
roughly impossible to handle correctly in any way, unless you parse the
text strings you have to send to it. I have a hunch that the lack of good
drivers is deeply tied into the problem of the protocol's shortcomings.
On Mon, Aug 11, 2014 at 9:51 AM, Loïc Hoguin <essen@REDACTED> wrote:
> On 08/11/2014 06:02 AM, Mike Oxford wrote:
> >> I need to do some input sanitizing for use against MySQL.
> Are you saying you are going to take this data and put it inside a query
> string? This isn't going to protect anything, escaping doesn't prevent SQL
> injection. Why not use a prepared statement instead? This makes the data
> separate from the query, you don't need to do any escaping and MySQL takes
> care of everything for you. Also make sure you are using the *binary*
> protocol, not the *text* one, and you're pretty much set.
> Loïc Hoguin
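The difference between the text and binary protocols discussed in this thread, as an added example that is not part of the original messages: it builds the MySQL command payloads (without the 4-byte packet header) for a text-protocol query and for a prepare/execute pair. The table and column names, the statement id and the sample value are constructed for illustration.

```python
import struct

COM_QUERY, COM_STMT_PREPARE, COM_STMT_EXECUTE = 0x03, 0x16, 0x17
MYSQL_TYPE_VAR_STRING = 0xFD


def lenenc(data):
    """Length-encoded string: a length prefix, then the raw bytes."""
    n = len(data)
    if n < 251:
        return bytes([n]) + data
    if n < 1 << 16:
        return b"\xfc" + struct.pack("<H", n) + data
    if n < 1 << 24:
        return b"\xfd" + struct.pack("<I", n)[:3] + data
    return b"\xfe" + struct.pack("<Q", n) + data


def text_query(template, value):
    """Text protocol: the value becomes part of the SQL the server parses."""
    return bytes([COM_QUERY]) + (template % value).encode()


def stmt_prepare(sql):
    """Binary protocol, step 1: SQL with '?' placeholders and no data."""
    return bytes([COM_STMT_PREPARE]) + sql.encode()


def stmt_execute(stmt_id, params):
    """Binary protocol, step 2: values sent as typed, length-prefixed fields."""
    # command, statement id, flags (no cursor), iteration count (always 1)
    out = struct.pack("<BIBI", COM_STMT_EXECUTE, stmt_id, 0, 1)
    if params:
        out += bytes((len(params) + 7) // 8)   # NULL bitmap: no NULL values
        out += b"\x01"                         # new-params-bound flag
        out += struct.pack("<BB", MYSQL_TYPE_VAR_STRING, 0) * len(params)
        out += b"".join(lenenc(p.encode()) for p in params)
    return out


# Constructed sample value containing quote characters.
value = "x' OR '1'='1"
as_text = text_query("SELECT id FROM users WHERE name = '%s'", value)
prepared = stmt_prepare("SELECT id FROM users WHERE name = ?")
executed = stmt_execute(1, [value])  # statement id 1 is an assumed server reply
```

In `as_text` the quote characters in the value sit inside the SQL string the server parses; in `executed` the same bytes follow a length prefix in a payload that contains no SQL at all.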