Hi Olaf,

On Tue, 2011-03-29 at 16:11 +0200, Olaf van der Spek wrote:
> mysql_query() is unsafe (by default/design) and drizzle_query()
> appears to be as bad.
> For whatever reason PHP devs did not want to fix mysql_query(), but
> IMO we should ensure drizzle_query() is safe.
>
> Are there any plans to achieve this?

In what way unsafe? If you mean vulnerable to an SQL injection, then using the prepared statement API in mysqli would probably be a better/safer option.

Having a native prepared statement API in the drizzle plugin would be good but we first need support for it in libdrizzle (there was a blueprint for this somewhere).

Kind Regards
--
Andrew Hutchings - LinuxJedi - http://www.linuxjedi.co.uk/

