On Sunday, 27 November 2016 at 12:13:03 UTC, Nicholas Wilson
wrote:
On Sunday, 27 November 2016 at 11:49:25 UTC, Suliman wrote:
On Sunday, 27 November 2016 at 11:21:58 UTC, drug007 wrote:
void dbInsert(string login, string uploading_date, string
geometry_type, string data)
{
Statement stmt = conn.createStatement();
string sqlinsert = (`INSERT INTO usersshapes (userlogin,
uploading_date, geometry_type, data) VALUES ('%s', '%s', '%s',
'%s') `, login, uploading_date, geometry_type, data);
stmt.executeUpdate(sqlinsert);
scope(exit) stmt.close(); // closing
}
full code.
Looks like you forgot a call to format before the opening
parenthesis.
should be:
string sqlinsert = format(`INSERT INTO usersshapes (userlogin,
uploading_date, geometry_type, data) VALUES ('%s', '%s', '%s',
'%s') `, login, uploading_date, geometry_type, data);
because what ends up happening is :
string sqlinsert = data;
which is almost certainly not what you want.
As an aside, for security reasons you should use a prepared
statement.
Also, this is a decent usecase for scope(exit) but it should be
put earlier in the function.
