On 02/02/17 14:50, Adam D. Ruppe wrote:
On Thursday, 2 February 2017 at 05:33:57 UTC, FrankLike wrote:
For example, I want to do the execution of stored procedure for
MSSql、MySQL database. I found in Mysql-d, Mysql-Native, arsd, DDBC,
etc. there is no result.
db.query("CALL my_procedure(args...)");
Generally speaking, you really don't want to do that. Ever. This code is
how SQL injection vulnerabilities are born.
Arguments should ALWAYS be passed out of line of the actual call
command, so that the server has no chance of confusing arguments and
commands.
Sadly, that typically requires a DB library specific to the DB in use.
Shachar
