[erlang-questions] Of regexes and REs, and other irritating things...
Mon Aug 11 11:56:32 CEST 2014
bank_mysql only offers the binary protocol and has a complete lack of
bundling data inside the query string, or parsing the query string. I am
not sure what you are talking about.
On 08/11/2014 11:51 AM, Jesper Louis Andersen wrote:
> The only slight problem here is MySQL, which picked a protocol that is
> roughly impossible to handle correctly in any way, unless you parse the
> text strings you have to send to it. I have a hunch that the lack of
> good drivers is deeply tied into the problem of the protocol's shortcomings.
> On Mon, Aug 11, 2014 at 9:51 AM, Loïc Hoguin <essen@REDACTED
> <mailto:essen@REDACTED>> wrote:
>> On 08/11/2014 06:02 AM, Mike Oxford wrote:
>>> I need to do some input sanitizing for use against MySQL.
>> Are you saying you are going to take this data and put it inside a
>> query string? This isn't going to protect anything, escaping doesn't
>> prevent SQL injection. Why not use a prepared statement instead?
>> This makes the data separate from the query, you don't need to do
>> any escaping and MySQL takes care of everything for you. Also make
>> sure you are using the *binary* protocol, not the *text* one, and
>> you're pretty much set.
>> Loïc Hoguin
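
Added example, not part of the original thread and not bank_mysql's code: a Python sketch of the MySQL client packets, contrasting the text protocol (COM_QUERY) with the binary prepared-statement protocol (COM_STMT_PREPARE / COM_STMT_EXECUTE) discussed in the messages above. The `users` table, statement id 1 and the input string are constructed for illustration; a real client reads the statement id from the server's prepare response.

```python
import struct

COM_QUERY, COM_STMT_PREPARE, COM_STMT_EXECUTE = 0x03, 0x16, 0x17
MYSQL_TYPE_VAR_STRING = 0xFD

def packet(seq, payload):
    """Frame a payload: 3-byte little-endian length, 1-byte sequence id."""
    return struct.pack("<I", len(payload))[:3] + bytes([seq]) + payload

def lenenc_str(data):
    """Length-encoded string: the length prefix, not quoting, delimits the value."""
    n = len(data)
    if n < 251:
        prefix = bytes([n])
    elif n < 1 << 16:
        prefix = b"\xfc" + struct.pack("<H", n)
    elif n < 1 << 24:
        prefix = b"\xfd" + struct.pack("<I", n)[:3]
    else:
        prefix = b"\xfe" + struct.pack("<Q", n)
    return prefix + data

def text_query(sql):
    """Text protocol: data and SQL share one string that the server parses."""
    return packet(0, bytes([COM_QUERY]) + sql.encode())

def stmt_prepare(sql):
    """Binary protocol, step 1: only the statement with ? placeholders is parsed."""
    return packet(0, bytes([COM_STMT_PREPARE]) + sql.encode())

def stmt_execute(stmt_id, params):
    """Binary protocol, step 2: string parameters travel as typed, length-prefixed values."""
    null_bitmap = bytes((len(params) + 7) // 8)  # no NULL parameters in this sketch
    types = bytes([MYSQL_TYPE_VAR_STRING, 0x00]) * len(params)
    values = b"".join(lenenc_str(p.encode()) for p in params)
    # command, statement id, flags = 0 (no cursor), iteration count = 1
    body = struct.pack("<BIBI", COM_STMT_EXECUTE, stmt_id, 0x00, 1)
    if params:
        body += null_bitmap + b"\x01" + types + values  # 0x01: new parameters bound
    return packet(0, body)

# Constructed sample input (not from the thread).
hostile = "x' OR '1'='1"
concatenated = text_query("SELECT id FROM users WHERE name = '" + hostile + "'")
prepared = stmt_prepare("SELECT id FROM users WHERE name = ?")
executed = stmt_execute(1, [hostile])  # statement id 1 is assumed
```

In `concatenated` the quote characters from the input become part of the SQL text the server parses; in `executed` the same bytes sit behind a one-byte length prefix in a packet that contains no SQL at all.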