On Tue, May 21, 2013 at 09:45:04AM +0200, Paolo Bonzini wrote:

> Hmm, that would be a bug.

DBI.MySQL.MySQLConnection fieldConverterClass uniqueInstance
        print: ''';DROP TABLE;"DROP TABLE' on: stdout

This is the 'dual-use' of the FieldConverter. It is good for
SQLite/PostgreSQL queries but it is not really up to the task
for MySQL. The question is what do we do with MySQL in terms
of 'prepared' statements? The only thing I can think of is
a better >>% that is also doing SQL escaping (like the escaping
from ROE).


_______________________________________________
help-smalltalk mailing list
[email protected]
https://lists.gnu.org/mailman/listinfo/help-smalltalk
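
One concrete thing an escaping `>>%` would have to handle on MySQL, shown as an added Python example (not code from this message or from GNU Smalltalk's DBI): in its default SQL mode MySQL treats the backslash as an escape character inside string literals, so doubling single quotes alone is not sufficient there. All function names are hypothetical, the second sample value is constructed, and the small scanner only models literal termination, not a full SQL lexer.

```python
# Added example: standard-SQL quoting vs. MySQL-aware quoting of a string literal.

def quote_standard(value: str) -> str:
    """Standard SQL literal: only the single quote is doubled."""
    return "'" + value.replace("'", "''") + "'"

# Assumption: MySQL default sql_mode (NO_BACKSLASH_ESCAPES not set).
MYSQL_ESCAPES = {
    "\\": "\\\\", "'": "''", "\0": "\\0",
    "\n": "\\n", "\r": "\\r", "\x1a": "\\Z",
}

def quote_mysql(value: str) -> str:
    """Literal that stays intact when backslash is an escape character."""
    return "'" + "".join(MYSQL_ESCAPES.get(ch, ch) for ch in value) + "'"

def literal_end(sql: str, backslash_escapes: bool) -> int:
    """Index just past the closing quote of the literal starting at sql[0],
    or -1 if the server would see the literal as unterminated."""
    if not sql.startswith("'"):
        raise ValueError("expected a single-quoted literal")
    i = 1
    while i < len(sql):
        ch = sql[i]
        if backslash_escapes and ch == "\\":
            i += 2              # backslash consumes the next character
        elif ch == "'" and sql[i + 1:i + 2] == "'":
            i += 2              # doubled quote is one literal quote
        elif ch == "'":
            return i + 1        # closing quote
        else:
            i += 1
    return -1

def is_single_literal(sql: str, backslash_escapes: bool) -> bool:
    """True when the whole text is exactly one string literal."""
    return literal_end(sql, backslash_escapes) == len(sql)

PAGE_INPUT = "';DROP TABLE;\"DROP TABLE"   # the string value used in the message
SAMPLE = "C:\\temp\\"                      # constructed: value ending in a backslash

if __name__ == "__main__":
    for value in (PAGE_INPUT, SAMPLE):
        for quote in (quote_standard, quote_mysql):
            text = quote(value)
            print(quote.__name__, text,
                  "standard:", is_single_literal(text, False),
                  "mysql:", is_single_literal(text, True))
```

With the constructed value, the quote-doubling form is a complete literal under standard rules but unterminated under MySQL's default rules, while the backslash-aware form stays a single literal.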