Hi Aleksander, thanks for your time.
So the MySQL backend does not have Prepared Statements as mentioned in the
"Statements, procedures and transactions" doc section. Just string escaping is supported.
Prepared Statements have a main option: increased performance for queries executed
more than once.
Is there some SOCI backend with Prepared Statement support? I would like to
contribute with a refactoring to session.prepared, if you want.
From: [email protected]
Date: Wed, 27 Mar 2013 09:04:21 -0700
To: [email protected]
Subject: Re: [soci-users] SOCI not support Prepared Statement(SQL Injection) for MySQL backend
That is correct. The MySQL backend uses the older API.
Regarding the SQL injection, note that the string values you pass as use()
elements will be escaped with mysql_real_escape_string().
Thanks,
Aleksander
On Wed, Mar 27, 2013 at 6:37 AM, Thiago Goulart <[email protected]> wrote:
Hi guys!
I hope this can help the SOCI community with Prepared Statements.
I'm protecting my code against an SQL Injection attack and I'm testing the SOCI
MySQL backend.
Prepared Statements have their own API
(http://dev.mysql.com/doc/refman/5.0/en/c-api-prepared-statements.html)
that is different from the common API. SOCI uses the common API. So Prepared Statements
are not supported by SOCI.
For example, I'm analyzing soci_mysql_test_static app in ...
// The prepared statements should survive session::reconnect().
void test8()
and it's using mysql_real_query to execute an SQL statement. BUT this API is
just for direct execution.
For Prepared Statements, there is another API (mysql_stmt_init,
mysql_stmt_prepare, mysql_stmt_bind_param and mysql_stmt_execute).
If I'm wrong, let me know!
Tks!
------------------------------------------------------------------------------
Own the Future-Intel® Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest.
Compete for recognition, cash, and the chance to get your game
on Steam. $5K grand prize plus 10 genre and skill prizes.
Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
_______________________________________________
soci-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/soci-users
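
Added example (not from the thread and not SOCI's own code): a self-contained C model of the escape-then-quote approach the thread describes for the direct-execution API, with a check that the value stays inside its string literal. `model_escape` is a simplified stand-in for `mysql_real_escape_string()` (it assumes a single-byte or UTF-8 connection charset and default `sql_mode`); `build_query`, `value_stays_in_literal` and the `users` table are hypothetical names, and the input is constructed.

```c
#include <stdio.h>
#include <string.h>
/* Simplified model of the characters documented as escaped by
 * mysql_real_escape_string(); assumes a single-byte or UTF-8 connection
 * charset and default sql_mode. Returns output length, (size_t)-1 if full. */
size_t model_escape(char *dst, size_t cap, const char *src, size_t len) {
    size_t o = 0;
    for (size_t i = 0; i < len; i++) {
        char c = src[i], e = 0;
        switch (c) {
        case '\0': e = '0'; break;
        case '\n': e = 'n'; break;
        case '\r': e = 'r'; break;
        case 0x1a: e = 'Z'; break;
        case '\\': case '\'': case '"': e = c; break;
        }
        if (o + (e ? 2 : 1) >= cap) return (size_t)-1;
        if (e) dst[o++] = '\\';
        dst[o++] = e ? e : c;
    }
    dst[o] = '\0';
    return o;
}

/* Hypothetical direct-execution path: the escaped value is inlined as a
 * quoted literal in the statement text handed to the server. */
int build_query(char *sql, size_t cap, const char *name) {
    char esc[256];
    if (model_escape(esc, sizeof esc, name, strlen(name)) == (size_t)-1) return -1;
    int n = snprintf(sql, cap, "SELECT id FROM users WHERE name = '%s'", esc);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

/* 1 if the first quoted literal closes on the statement's last byte. */
int value_stays_in_literal(const char *sql) {
    const char *p = strchr(sql, '\'');
    if (!p) return 0;
    for (p++; *p; p++) {
        if (*p == '\\' && p[1]) { p++; continue; }
        if (*p == '\'') return p[1] == '\0';
    }
    return 0;
}

int main(void) {
    char sql[512];  /* input below is constructed sample data */
    if (build_query(sql, sizeof sql, "x' OR '1'='1") < 0) return 1;
    printf("%s\nstays in literal: %d\n", sql, value_stays_in_literal(sql));
    return 0;
}
```

With the prepared-statement API listed in the thread (`mysql_stmt_prepare` plus bound parameters), the value travels separately from the statement text, so there is no literal to stay inside.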