On Sat, 12 Sep 2020 08:04:27 +0100, Ahem A Rivet's Shot
declaimed the following:
> Doesn't mysql provide prepared statements with placeholders like
> sqlite does? Those are the safest and easiest way to put user data into
> SQL.

It does since sometime in v4, but the API is a terror. One has to
populate a structure defining what the fields are (including datatypes,
buffer addresses, lengths for strings), invoke separate prepare and execute
calls.

The older API, and many of the adapters for scripting languages, relied
upon the client end quoting/escaping parameters and sending the command
entire.
--
Wulfraed Dennis Lee Bieber AF6VN
wlfraed@ix.netcom.com http://wlfraed.microdiversity.freeddns.org/
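
A contrast of the two approaches discussed in this thread, as an added example that is not part of either poster's message. It uses Python's sqlite3 module rather than the MySQL C API, and the table, the helper names and the sample input are all constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users (name) VALUES (?)",
                   [("alice",), ("bob",), ("o'brien",)])
    return db

def client_escape(value):
    """Client-side escaping: double any embedded single quote."""
    return str(value).replace("'", "''")

def name_escaped(db, name):
    # Command sent entire. Escaping is sufficient here only because the value
    # is wrapped in quotes and the escaping rule matches the server's parser.
    sql = "SELECT id FROM users WHERE name = '" + client_escape(name) + "'"
    return [row[0] for row in db.execute(sql)]

def id_escaped(db, user_id):
    # Same helper, but the value lands outside a string literal, so whatever
    # survives escaping is parsed as SQL rather than compared as a value.
    sql = "SELECT name FROM users WHERE id = " + client_escape(user_id) + " ORDER BY id"
    return [row[0] for row in db.execute(sql)]

def id_bound(db, user_id):
    # Placeholder: the statement text is fixed and the value is bound as data.
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (user_id,))]

def name_bound(db, name):
    # Placeholder in a string context: no quoting or escaping by the caller.
    sql = "SELECT id FROM users WHERE name = ?"
    return [row[0] for row in db.execute(sql, (name,))]

if __name__ == "__main__":
    db = make_db()
    odd_input = "2 OR 1=1"  # constructed input, not a numeric id
    print("escaped:", id_escaped(db, odd_input))
    print("bound:  ", id_bound(db, odd_input))
```

The escaped lookup returns every row for the constructed input, while the bound lookup compares the whole string against the id column and matches nothing.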