On Sunday, 27 November 2016 at 12:13:03 UTC, Nicholas Wilson wrote:
On Sunday, 27 November 2016 at 11:49:25 UTC, Suliman wrote:
On Sunday, 27 November 2016 at 11:21:58 UTC, drug007 wrote:

void dbInsert(string login, string uploading_date, string geometry_type, string data)
{
    Statement stmt = conn.createStatement();
    string sqlinsert = (`INSERT INTO usersshapes (userlogin, uploading_date, geometry_type, data) VALUES ('%s', '%s', '%s', '%s') `, login, uploading_date, geometry_type, data);
    stmt.executeUpdate(sqlinsert);
    scope(exit) stmt.close(); // closing
}

full code.

Looks like you forgot a call to format before the opening parenthesis.

should be:
string sqlinsert = format(`INSERT INTO usersshapes (userlogin,
 uploading_date, geometry_type, data) VALUES ('%s', '%s', '%s',
 '%s') `, login, uploading_date, geometry_type, data);

because what ends up happening is:
    string sqlinsert = data;
which is almost certainly not what you want.

As an aside, for security reasons you should use a prepared statement.

Also, this is a decent use case for scope(exit) but it should be put earlier in the function.
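
The two suggestions above (prepared statement, earlier scope(exit)) combined in one function, as an added example that is not part of the original thread or anyone's posted code. It assumes the connection comes from the DDBC library, whose JDBC-style interface matches the createStatement/executeUpdate calls in the quoted code; passing conn as a parameter is also a change made for this example.

```d
// Assumption: DDBC (ddbc.core) provides Connection and PreparedStatement.
import ddbc.core : Connection, PreparedStatement;

// Parameterized variant of the dbInsert function quoted in the thread.
void dbInsert(Connection conn, string login, string uploading_date,
              string geometry_type, string data)
{
    // The SQL text is a fixed literal. The ? placeholders are bound
    // separately, so a quote character inside any argument is stored as
    // data and cannot terminate the string literal or add SQL.
    PreparedStatement stmt = conn.prepareStatement(
        `INSERT INTO usersshapes ` ~
        `(userlogin, uploading_date, geometry_type, data) ` ~
        `VALUES (?, ?, ?, ?)`);

    // Registered immediately after the statement exists, so it is closed
    // even if binding or executeUpdate throws.
    scope(exit) stmt.close();

    // Parameter indexes are 1-based, as in JDBC.
    stmt.setString(1, login);
    stmt.setString(2, uploading_date);
    stmt.setString(3, geometry_type);
    stmt.setString(4, data);

    stmt.executeUpdate();
}
```

With the format-based version, a value such as O'Brien in login breaks the '%s' quoting; here it is inserted unchanged.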
