Re: Swedish letters fuck up parsing into SQL querry
On Tuesday, 24 March 2020 at 14:10:19 UTC, WebFreak001 wrote: On Tuesday, 24 March 2020 at 11:15:24 UTC, matheus wrote: On Monday, 23 March 2020 at 15:41:50 UTC, Adam D. Ruppe wrote: On Monday, 23 March 2020 at 15:15:12 UTC, Anders S wrote: I'm creating a connection to the db and conn.exec(sql) It depends on the library but it is almost always easier to do it right than to do it the way you are. like with my lib it is db.query("update celldata set name = ?", new_name); I'm not the OP but I have a question, isn't this passive to SQL injection too, or your LIB will handle this somehow? If is the later could you please point the code on GitHub? Matheus. https://github.com/mysql-d/mysql-native/blob/8f9cb4cd9904ade43af006f96e5e03eebe7a7c19/source/mysql/protocol/comms.d#L494 it's builtin into mysql Ahhh, thanks need to dig into this and learn. Thanks guys for all the responses. Got plenty of leads to dig into, also issues I have to consider to be a better coder ;) Thks again
Re: Swedish letters fuck up parsing into SQL querry
On Tuesday, 24 March 2020 at 11:15:24 UTC, matheus wrote: On Monday, 23 March 2020 at 15:41:50 UTC, Adam D. Ruppe wrote: On Monday, 23 March 2020 at 15:15:12 UTC, Anders S wrote: I'm creating a connection to the db and conn.exec(sql) It depends on the library but it is almost always easier to do it right than to do it the way you are. like with my lib it is db.query("update celldata set name = ?", new_name); I'm not the OP but I have a question, isn't this passive to SQL injection too, or your LIB will handle this somehow? If is the later could you please point the code on GitHub? Matheus. https://github.com/mysql-d/mysql-native/blob/8f9cb4cd9904ade43af006f96e5e03eebe7a7c19/source/mysql/protocol/comms.d#L494 it's builtin into mysql
Re: Swedish letters fuck up parsing into SQL querry
On 3/24/20 7:15 AM, matheus wrote: On Monday, 23 March 2020 at 15:41:50 UTC, Adam D. Ruppe wrote: On Monday, 23 March 2020 at 15:15:12 UTC, Anders S wrote: I'm creating a connection to the db and conn.exec(sql) It depends on the library but it is almost always easier to do it right than to do it the way you are. like with my lib it is db.query("update celldata set name = ?", new_name); I'm not the OP but I have a question, isn't this passive to SQL injection too, or your LIB will handle this somehow? I haven't seen the code, but I'm going to guess this is using prepared statements with the given string as a parameter. This is what mysql-native does. -Steve
Re: Swedish letters fuck up parsing into SQL querry
On Monday, 23 March 2020 at 15:41:50 UTC, Adam D. Ruppe wrote: On Monday, 23 March 2020 at 15:15:12 UTC, Anders S wrote: I'm creating a connection to the db and conn.exec(sql) It depends on the library but it is almost always easier to do it right than to do it the way you are. like with my lib it is db.query("update celldata set name = ?", new_name); I'm not the OP but I have a question, isn't this passive to SQL injection too, or your LIB will handle this somehow? If is the later could you please point the code on GitHub? Matheus.
Re: Swedish letters fuck up parsing into SQL querry
On Monday, 23 March 2020 at 15:15:12 UTC, Anders S wrote: On Monday, 23 March 2020 at 15:07:31 UTC, Adam D. Ruppe wrote: On Monday, 23 March 2020 at 14:26:46 UTC, Anders S wrote: do you mean I should loop through each pos till strlen(cellTab[CellIndex].name) to find "\0"? strlen is ok, that gives the answer itself. Just slice to that. cellTab[CellIndex].name[0 .. strlen(cellTab[CellIndex].name.ptr)] could do it. or size_t end = 0; foreach(idx, ch; cellTab[CellIndex].name) if(ch == 0) { end = idx; break; } auto name = cellTab[CellIndex].name[0 .. end]; anything like that How do you suggest I do the querry build then? how are you running it? using a lib or just generating a .sql file? Hi, I'm creating a connection to the db and conn.exec(sql) I think I'll try the foreach to find out if it works ( tomorrow ) if you use mysql-native, use conn.exec("UPDATE celldata SET name=?, ...", name); where you can make a function for name = /// Takes the data part from a fixed length string until a null terminator. /// Returns: a slice of text until a null terminator or whole string in case there is none. const(char)[] str(size_t n)(const(char)[n] text) { // count until \0 (in bytes, so we can't cause utf decoding exception) auto end = text[].representation.countUntil(0); // return whole string if there is no \0, otherwise until \0 return end == -1 ? text[] : text[0 .. end]; } I think making your own function here instead of using to!string is what you want here. If you put in a char[20] into to!string, it will still return a string with the remaining characters being \0 characters.
Re: Swedish letters fuck up parsing into SQL querry
On Monday, 23 March 2020 at 15:07:31 UTC, Adam D. Ruppe wrote: On Monday, 23 March 2020 at 14:26:46 UTC, Anders S wrote: do you mean I should loop through each pos till strlen(cellTab[CellIndex].name) to find "\0"? strlen is ok, that gives the answer itself. Just slice to that. cellTab[CellIndex].name[0 .. strlen(cellTab[CellIndex].name.ptr)] could do it. or size_t end = 0; foreach(idx, ch; cellTab[CellIndex].name) if(ch == 0) { end = idx; break; } auto name = cellTab[CellIndex].name[0 .. end]; anything like that How do you suggest I do the querry build then? how are you running it? using a lib or just generating a .sql file? Hi, I'm creating a connection to the db and conn.exec(sql) I think I'll try the foreach to find out if it works ( tomorrow )
Re: Swedish letters fuck up parsing into SQL querry
On Monday, 23 March 2020 at 14:58:03 UTC, bauss wrote: On Monday, 23 March 2020 at 14:26:46 UTC, Anders S wrote: On Monday, 23 March 2020 at 13:53:50 UTC, Adam D. Ruppe wrote: My first thought is to!string(cellTab[CellIndex].name) is wrong, if it is a char[20] you should be scanning it to find the length and slicing. Maybe [0 .. name.indexOf("\0")] or whatever. You also shouldn't be building a query by concatenation. Hi, thks do you mean I should loop through each pos till strlen(cellTab[CellIndex].name) to find "\0"? How do you suggest I do the querry build then? This is open to sql injection. I thought we were rid of this in this day and age. Use prepared statements. Yes true however I'm in early development and want to get a red line working, then take care of the issues ;)
Re: Swedish letters fuck up parsing into SQL querry
On Monday, 23 March 2020 at 14:26:46 UTC, Anders S wrote: do you mean I should loop through each pos till strlen(cellTab[CellIndex].name) to find "\0"? strlen is ok, that gives the answer itself. Just slice to that. cellTab[CellIndex].name[0 .. strlen(cellTab[CellIndex].name.ptr)] could do it. or size_t end = 0; foreach(idx, ch; cellTab[CellIndex].name) if(ch == 0) { end = idx; break; } auto name = cellTab[CellIndex].name[0 .. end]; anything like that How do you suggest I do the querry build then? how are you running it? using a lib or just generating a .sql file?
Re: Swedish letters fuck up parsing into SQL querry
On Monday, 23 March 2020 at 14:26:46 UTC, Anders S wrote: On Monday, 23 March 2020 at 13:53:50 UTC, Adam D. Ruppe wrote: My first thought is to!string(cellTab[CellIndex].name) is wrong, if it is a char[20] you should be scanning it to find the length and slicing. Maybe [0 .. name.indexOf("\0")] or whatever. You also shouldn't be building a query by concatenation. Hi, thks do you mean I should loop through each pos till strlen(cellTab[CellIndex].name) to find "\0"? How do you suggest I do the querry build then? This is open to sql injection. I thought we were rid of this in this day and age. Use prepared statements.
Re: Swedish letters fuck up parsing into SQL querry
On Monday, 23 March 2020 at 13:53:50 UTC, Adam D. Ruppe wrote: My first thought is to!string(cellTab[CellIndex].name) is wrong, if it is a char[20] you should be scanning it to find the length and slicing. Maybe [0 .. name.indexOf("\0")] or whatever. You also shouldn't be building a query by concatenation. Hi, thks do you mean I should loop through each pos till strlen(cellTab[CellIndex].name) to find "\0"? How do you suggest I do the querry build then?
Re: Swedish letters fuck up parsing into SQL querry
My first thought is to!string(cellTab[CellIndex].name) is wrong, if it is a char[20] you should be scanning it to find the length and slicing. Maybe [0 .. name.indexOf("\0")] or whatever. You also shouldn't be building a query by concatenation.
Swedish letters fuck up parsing into SQL querry
Hi guys, I'm trying to read a name from a struct iorequest where the name is char name[20] The struct is received through a FIFO pipe and message is going into a mysql database to update specific post there. Now my problem is that all works fine to read and stop with '\0' termination till I receive a Swedish character, ie åäö. Then the string gets crazy and reads all 20 chars no matter what. Any ideas how to read all chars including åäö? Using "~ to!string(name) ~" to build the SQL querry string as below int extract_Cell_From_IOREQ(int CellIndex){ auto sql ="UPDATE celldata set name='"~ to!string(cellTab[CellIndex].name) ~"', ...