On Sat, 12 Dec 2015 07:44:40 +, Suliman wrote:
>>> string query_string = (`SELECT user, password FROM otest.myusers where
>>> user LIKE ` ~ `'%` ~ request["username"].to!string ~ `%';`);
>>
>> Don't piece queries together without escaping the dynamic parts.
>> Imagine what happens when the use
On Saturday, 12 December 2015 at 13:18:12 UTC, anonymous wrote:
On 12.12.2015 08:44, Suliman wrote:
string query_string = (`SELECT user, password FROM
otest.myusers where
user LIKE ` ~ `'%` ~ request["username"].to!string ~ `%';`);
Don't piece queries together without escaping the dynamic
pa
On 12.12.2015 08:44, Suliman wrote:
string query_string = (`SELECT user, password FROM otest.myusers where
user LIKE ` ~ `'%` ~ request["username"].to!string ~ `%';`);
Don't piece queries together without escaping the dynamic parts.
Imagine what happens when the user enters an apostrophe in the
On Saturday, 12 December 2015 at 12:43:36 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 12:36:10 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 12:14:30 UTC, Vadim Lopatin
wrote:
On Saturday, 12 December 2015 at 12:06:21 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 11:53:5
On Saturday, 12 December 2015 at 12:36:10 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 12:14:30 UTC, Vadim Lopatin
wrote:
On Saturday, 12 December 2015 at 12:06:21 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 11:53:51 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 11:31:1
On Saturday, 12 December 2015 at 12:14:30 UTC, Vadim Lopatin
wrote:
On Saturday, 12 December 2015 at 12:06:21 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 11:53:51 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 11:31:18 UTC, Suliman wrote:
Oh sorry! I used wrong host! All ok!
Y
On Saturday, 12 December 2015 at 12:06:21 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 11:53:51 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 11:31:18 UTC, Suliman wrote:
Oh sorry! I used wrong host! All ok!
Yes, there was issue with host name, but it's do not solve
problem. S
On Saturday, 12 December 2015 at 11:53:51 UTC, Suliman wrote:
On Saturday, 12 December 2015 at 11:31:18 UTC, Suliman wrote:
Oh sorry! I used wrong host! All ok!
Yes, there was issue with host name, but it's do not solve
problem. Second DB have same fields and I still getting false
instead mo
On Saturday, 12 December 2015 at 11:31:18 UTC, Suliman wrote:
Oh sorry! I used wrong host! All ok!
Yes, there was issue with host name, but it's do not solve
problem. Second DB have same fields and I still getting false
instead moving into while loop
Oh sorry! I used wrong host! All ok!
On Saturday, 12 December 2015 at 10:36:12 UTC, drug wrote:
12.12.2015 13:28, Suliman пишет:
it's seems that next block is execute even if is rs.next() is
false:
writeln("rs.next()-->", rs.next());
if(!rs.next()) //if user do not in DB
{
// is execute even if rs.next() is false
writeln("Execute
12.12.2015 13:28, Suliman пишет:
it's seems that next block is execute even if is rs.next() is false:
writeln("rs.next()-->", rs.next());
if(!rs.next()) //if user do not in DB
{
// is execute even if rs.next() is false
writeln("Executed, but rs.nst was set to false");
}
The output:
rs.next()--
it's seems that next block is execute even if is rs.next() is
false:
writeln("rs.next()-->", rs.next());
if(!rs.next()) //if user do not in DB
{
// is execute even if rs.next() is false
writeln("Executed, but rs.nst was set to false");
}
The output:
rs.next()-->false
Executed, but rs.nst was s
string query_string = (`SELECT user, password FROM
otest.myusers where
user LIKE ` ~ `'%` ~ request["username"].to!string ~ `%';`);
Don't piece queries together without escaping the dynamic
parts. Imagine what happens when the user enters an apostrophe
in the username field.
Do you mean to
On 11.12.2015 22:05, Suliman wrote:
I am using https://github.com/buggins/ddbc
string query_string = (`SELECT user, password FROM otest.myusers where
user LIKE ` ~ `'%` ~ request["username"].to!string ~ `%';`);
Don't piece queries together without escaping the dynamic parts. Imagine
what happ
I am using https://github.com/buggins/ddbc
string query_string = (`SELECT user, password FROM otest.myusers
where user LIKE ` ~ `'%` ~ request["username"].to!string ~ `%';`);
auto rs = db.stmt.executeQuery(query_string);
string dbpassword;
string dbuser;
while
16 matches
Mail list logo