On Saturday, 12 December 2015 at 13:18:12 UTC, anonymous wrote:
On 12.12.2015 08:44, Suliman wrote:
string query_string = (`SELECT user, password FROM
otest.myusers where
user LIKE ` ~ `'%` ~ request["username"].to!string ~ `%';`);
Don't piece queries together without escaping the dynamic
parts.
Imagine what happens when the user enters an apostrophe in the
username field.
Do you mean to wrap:
request["username"].to!string
in quotes?
No.
What is your suggestion?
P.S. Looks like the code now works as expected. The problem was with
the rs.next iterator.
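
An added illustration of the reply's point about apostrophes (not part of the thread and not the poster's D code): Python's sqlite3 stands in for the database driver, with constructed rows, to show the concatenated LIKE query failing on an apostrophe while a bound parameter handles the same input. The function names are hypothetical; the table and column names follow the query quoted above.

```python
import sqlite3

# Constructed sample data; sqlite3 is an assumed stand-in for the real database.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE myusers (user TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO myusers VALUES (?, ?)",
        [("alice", "hash-a"), ("o'brien", "hash-b"), ("100%_real", "hash-c")],
    )
    return db

def find_concatenated(db, username):
    """The thread's pattern: the value is pasted into the SQL text."""
    sql = "SELECT user, password FROM myusers WHERE user LIKE '%" + username + "%';"
    return db.execute(sql).fetchall()

def escape_like(value, esc="\\"):
    """Make %, _ and the escape character match literally inside LIKE."""
    return (value.replace(esc, esc + esc)
                 .replace("%", esc + "%")
                 .replace("_", esc + "_"))

def find_bound(db, username):
    """Same search, with the value sent as a bound parameter, never as SQL text."""
    sql = "SELECT user, password FROM myusers WHERE user LIKE ? ESCAPE '\\'"
    return db.execute(sql, ("%" + escape_like(username) + "%",)).fetchall()

def concatenated_breaks_on_apostrophe(db):
    """True if the concatenated query is rejected for a name with an apostrophe."""
    try:
        find_concatenated(db, "o'brien")
    except sqlite3.OperationalError:
        return True
    return False

if __name__ == "__main__":
    db = make_db()
    print(concatenated_breaks_on_apostrophe(db))
    print(find_bound(db, "o'brien"))
    print(find_bound(db, "%"))
```

Binding keeps the apostrophe out of the SQL grammar; the separate `escape_like` step is only needed because `%` and `_` are wildcards inside a LIKE pattern.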