On 3/24/20 7:15 AM, matheus wrote:
On Monday, 23 March 2020 at 15:41:50 UTC, Adam D. Ruppe wrote:
On Monday, 23 March 2020 at 15:15:12 UTC, Anders S wrote:
I'm creating a connection to the db and conn.exec(sql)

It depends on the library but it is almost always easier to do it right than to do it the way you are.

like with my lib it is

db.query("update celldata set name = ?", new_name);

I'm not the OP but I have a question, isn't this passive to SQL injection too, or your LIB will handle this somehow?

I haven't seen the code, but I'm going to guess this is using prepared statements with the given string as a parameter. This is what mysql-native does.


Reply via email to