On 12.12.2015 08:44, Suliman wrote:
string query_string = (`SELECT user, password FROM otest.myusers where
user LIKE ` ~ `'%` ~ request["username"].to!string ~ `%';`);

Don't piece queries together without escaping the dynamic parts.
Imagine what happens when the user enters an apostrophe in the
username field.

Do you mean to wrap:
  request["username"].to!string
in quotes?

No.
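
The point made in the reply, as an added example that is not part of the thread and not the posters' D code: the same LIKE lookup in Python with the standard sqlite3 module, showing the concatenated query beside a bound-parameter version. The in-memory table, its rows and all function names are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows standing in for otest.myusers.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE myusers (user TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO myusers VALUES (?, ?)",
        [("alice", "h1"), ("O'Brien", "h2"), ("bob_1", "h3"), ("bobby", "h4")],
    )
    return db

def find_concat(db, username):
    # Same shape as the quoted code: the input becomes part of the SQL text,
    # so an apostrophe in it ends the string literal early.
    query = "SELECT user FROM myusers WHERE user LIKE '%" + username + "%'"
    return [row[0] for row in db.execute(query)]

def escape_like(value, esc="\\"):
    # Bound parameters stop the input from being parsed as SQL, but % and _
    # are still LIKE wildcards; escape them so the input matches literally.
    for ch in (esc, "%", "_"):
        value = value.replace(ch, esc + ch)
    return value

def find_param(db, username):
    # The SQL text is constant; the value is sent separately as a parameter.
    query = "SELECT user FROM myusers WHERE user LIKE ? ESCAPE '\\' ORDER BY user"
    pattern = "%" + escape_like(username) + "%"
    return [row[0] for row in db.execute(query, (pattern,))]

if __name__ == "__main__":
    db = make_db()
    try:
        find_concat(db, "O'Brien")
    except sqlite3.OperationalError as err:
        print("concatenated query failed:", err)
    print("bound parameter:", find_param(db, "O'Brien"))
    print("literal underscore:", find_param(db, "b_"))
```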
