On 2020-09-12 at 20:47, Ahem A Rivet's Shot wrote:
> On Sat, 12 Sep 2020 11:35:32 -0000 (UTC)
> Martin Gregorie wrote:
>
>> If your DBMS supports database procedures, using them is also a good way
>> to avoid injection attacks.
>
> Also a good way to ensure vendor lock-in.
>
Unless you write a glue layer (which I always do to encapsulate a 3rd
party component - at least on the server side).
Something like (extremely simplified - it is usually a couple of files
per db, with different scope where you set a bind variable compared to
where you use prepare/execute)
pseudo-language:
void Prepare()
    switch (db)
    {
        postgres : {prepare the postgres way, and save pointers to variables}
        oracle   : {prepare the oracle way, and save pointers to variables}
        whatever : {prepare the whatever way, and save pointers to variables}
    }
--
Björn
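The glue layer sketched in the post, worked through as an added example that is not Björn's code. It assumes vendor-neutral queries written with `:name` placeholders, and that each backend is identified by its DB-API `paramstyle` (`qmark` for the stdlib sqlite3 module, `pyformat` for psycopg2, `named` for the Oracle drivers). The `Db` class, the `render` helper and the `PARAMSTYLE` table are hypothetical names chosen here; only the sqlite backend is actually executed, the other two are rendered and inspected. The point it shows is that the vendor-specific part (placeholder syntax, bind-value shape) lives in one place, while user-supplied values always travel as bind parameters and never as SQL text, so a hostile value is simply a string that matches nothing.

```python
import re
import sqlite3

# Which DB-API 2.0 paramstyle each driver expects. This table is the only
# vendor-specific knowledge in the glue layer (constructed mapping).
PARAMSTYLE = {
    "sqlite": "qmark",       # '?' positional, stdlib sqlite3
    "postgres": "pyformat",  # '%(name)s', psycopg2
    "oracle": "named",       # ':name', cx_Oracle / python-oracledb
}

# Neutral placeholders look like :name. The lookbehind keeps a PostgreSQL
# '::type' cast from being mistaken for a placeholder.
_PLACEHOLDER = re.compile(r"(?<!:):([A-Za-z_]\w*)")


def render(sql, params, paramstyle):
    """Translate neutral ':name' SQL into the driver's paramstyle.

    Returns (sql_text, bind_values). The bind values are a tuple for
    positional styles and a dict for named styles, so the driver, not
    this code, does the quoting. An unknown name raises KeyError rather
    than silently leaving text in the statement.
    """
    names = []

    def substitute(match):
        name = match.group(1)
        if name not in params:
            raise KeyError(name)
        names.append(name)
        if paramstyle == "qmark":
            return "?"
        if paramstyle == "format":
            return "%s"
        if paramstyle == "pyformat":
            return "%(" + name + ")s"
        if paramstyle == "named":
            return ":" + name
        raise ValueError("unsupported paramstyle: " + paramstyle)

    text = _PLACEHOLDER.sub(substitute, sql)
    if paramstyle in ("qmark", "format"):
        # Positional: repeat a value each time its name appears.
        return text, tuple(params[n] for n in names)
    return text, {n: params[n] for n in names}


class Db:
    """Glue layer: the one object that knows the vendor and the connection."""

    def __init__(self, vendor, connection):
        self.paramstyle = PARAMSTYLE[vendor]
        self.conn = connection

    def query(self, sql, **params):
        text, binds = render(sql, params, self.paramstyle)
        cur = self.conn.cursor()
        cur.execute(text, binds)  # values are bound, never interpolated
        return cur.fetchall()


def demo():
    """Run the same neutral query against an in-memory sqlite backend.

    Returns (rows_for_alice, rows_for_hostile_value). The second lookup
    uses a constructed string containing quote characters; because it is
    a bind value it is compared literally and matches no row.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],  # constructed sample rows
    )
    db = Db("sqlite", conn)
    lookup = "SELECT role FROM users WHERE name = :name"
    hostile = "' OR '1'='1"  # constructed: would matter only if concatenated
    return db.query(lookup, name="alice"), db.query(lookup, name=hostile)


if __name__ == "__main__":
    print(demo())
    for vendor, style in PARAMSTYLE.items():
        print(vendor, render("SELECT role FROM users WHERE name = :name",
                             {"name": "alice"}, style))
```

Adding a backend means adding one line to `PARAMSTYLE` and a connection factory; the application code keeps writing `:name` queries. The same single choke point is also where a defender would put query logging or a statement allow-list, since every statement passes through `Db.query`.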