On 1/24/06, John Siracusa <[EMAIL PROTECTED]> wrote:
> On 1/24/06, Rob Kinyon <[EMAIL PROTECTED]> wrote:
> > It's a $dbh attribute.
> >
> > $dbh->{mysql_unsafe_bind_type_guessing} = 1;
> >
> > The reason it's considered 'unsafe' is that, theoretically, it's a
> > place where SQL Injection -could- occur. However, it's extremely
> > unlikely, given the strictness of the parsing. (You can review the
> > parsing yourself - it's in dbdimp.c)
>
> Okay, I'll give it a try. It won't be unsafe in the context of RDBO
> bitfields because the values are produced by format_bitfield(), which
> we control. Of course, now I have to add code to figure out when I
> need to use this attribute and when I don't. Safe or not, I don't
> want to have it turned on for every query.

The reason I wrote the patch is so that I would use indices for numeric columns. If MySQL has to convert the value from a string to a number, it doesn't use an index. You might want to consider that when dealing with stuff.

Also, you might want to consider using bind_param() instead of passing parameters to execute() directly. This patch only deals with parameters that don't have a type associated with them. If you use bind_param() instead, then you can associate the type and DBD::mysql shouldn't auto-quote it.

Rob
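
The two options discussed in this thread, side by side, as an added example that is not code from either poster, DBD::mysql or Rose::DB::Object: a typed bind_param() for a numeric column, and the guessing attribute switched on for a single query only. The DSN, credentials, the `items` table and both helper names are hypothetical, and it is assumed that the driver attribute can be localized with `local` like standard DBI handle attributes.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Hypothetical connection settings, taken from the environment.
my $dbh = DBI->connect(
    $ENV{DBI_DSN} // 'dbi:mysql:database=test',
    $ENV{DBI_USER}, $ENV{DBI_PASS},
    { RaiseError => 1, PrintError => 0 },
);

# Option 1: associate a type with the placeholder. Because a typed
# parameter should not be auto-quoted, validate it before binding.
sub fetch_item_by_id {
    my ($dbh, $id) = @_;
    die "id must be an integer\n"
        unless defined $id && $id =~ /\A-?\d+\z/;

    my $sth = $dbh->prepare('SELECT id, name FROM items WHERE id = ?');
    $sth->bind_param(1, $id, SQL_INTEGER);   # typed: no guessing involved
    $sth->execute;
    return $sth->fetchall_arrayref({});
}

# Option 2: untyped parameters passed straight to execute(), with type
# guessing enabled only for this call. "local" restores the previous
# value when the sub returns or dies, so other queries on the same
# handle are unaffected.
sub select_with_type_guessing {
    my ($dbh, $sql, @params) = @_;
    local $dbh->{mysql_unsafe_bind_type_guessing} = 1;
    return $dbh->selectall_arrayref($sql, { Slice => {} }, @params);
}

my $by_id = fetch_item_by_id($dbh, 42);
my $range = select_with_type_guessing(
    $dbh, 'SELECT id, name FROM items WHERE id BETWEEN ? AND ?', 10, 20,
);
printf "%d row(s) by id, %d row(s) in range\n",
    scalar @$by_id, scalar @$range;

$dbh->disconnect;
```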