On 3/24/20 7:15 AM, matheus wrote:
On Monday, 23 March 2020 at 15:41:50 UTC, Adam D. Ruppe wrote:
On Monday, 23 March 2020 at 15:15:12 UTC, Anders S wrote:
I'm creating a connection to the db and conn.exec(sql)

It depends on the library, but it is almost always easier to do it right than to do it the way you are.

Like with my lib, it is

db.query("update celldata set name = ?", new_name);

I'm not the OP, but I have a question: isn't this susceptible to SQL injection too, or will your lib handle this somehow?

I haven't seen the code, but I'm going to guess this is using prepared statements with the given string as a parameter. This is what mysql-native does.

-Steve
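
The difference between splicing a value into the SQL text and passing it through a `?` placeholder, as an added example that is not part of the original thread or of either library discussed. It assumes Python's built-in sqlite3 as a stand-in for the D database libraries, and the `id` column, the `where` clause and the sample names are constructed for illustration.

```python
import sqlite3

# Assumptions (not from the thread): SQLite stands in for the D database
# libraries; the id column and where clause are added so the effect is visible.

CONSTRUCTED_NAME = "x' --"  # constructed input containing a quote and a comment marker

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table celldata (id integer primary key, name text)")
    conn.executemany("insert into celldata (id, name) values (?, ?)",
                     [(1, "alpha"), (2, "beta")])
    return conn

def names(conn):
    return [row[0] for row in conn.execute("select name from celldata order by id")]

def update_concat(conn, cell_id, new_name):
    # Pattern to avoid: the value becomes part of the SQL text itself,
    # so a quote inside it ends the string literal early.
    sql = "update celldata set name = '" + new_name + "' where id = " + str(cell_id)
    conn.execute(sql)

def update_bound(conn, cell_id, new_name):
    # Placeholder form: the SQL text is fixed and the values are bound as data,
    # so quotes and comment markers in new_name are stored literally.
    conn.execute("update celldata set name = ? where id = ?", (new_name, cell_id))

def concat_fails_on_apostrophe():
    # Even an ordinary name with an apostrophe breaks the concatenated statement.
    conn = make_db()
    try:
        update_concat(conn, 1, "O'Brien")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    safe = make_db()
    update_bound(safe, 1, CONSTRUCTED_NAME)
    print("bound: ", names(safe))      # row 2 is untouched
    unsafe = make_db()
    update_concat(unsafe, 1, CONSTRUCTED_NAME)
    print("concat:", names(unsafe))    # the where clause was commented out
    print("apostrophe breaks concat:", concat_fails_on_apostrophe())
```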
