On 11.12.2015 22:05, Suliman wrote:
I am using https://github.com/buggins/ddbc
string query_string = (`SELECT user, password FROM otest.myusers where
user LIKE ` ~ `'%` ~ request["username"].to!string ~ `%';`);
Don't piece queries together without escaping the dynamic parts. Imagine
what happens when the user enters an apostrophe in the username field.
Also, are you using LIKE when authenticating the user? O_O
How I can check if SQL request returned empty result?
When the result is empty, then rs.next() returns false on the first
call, I presume.