That is correct.  The MySQL backend uses the older API.

Regarding the SQL injection, note that the string values you pass as use()
elements will be escaped with mysql_real_escape_string().

Thanks,

Aleksander


On Wed, Mar 27, 2013 at 6:37 AM, Thiago Goulart <[email protected]> wrote:

> Hi guys!
>
> I hope this can help social community about Prepared Statement.
>
> I'm protecting my code against an SQL Injection attack and I'm testing
> SOCI mysql backend.
>
> Prepared Statement has its own API....
> http://dev.mysql.com/doc/refman/5.0/en/c-api-prepared-statements.html
>
> that is different from the common API. SOCI uses the common API. So Prepared
> Statement is not supported by SOCI.
>
> For example, I'm analyzing soci_mysql_test_static app in ...
>
> // The prepared statements should survive session::reconnect().
> void test8()
>
> and it's using mysql_real_query to execute a SQL statement. BUT this API
> is just for direct execution.
>
> For Prepared Statement, there is another API (mysql_stmt_init,
> mysql_stmt_prepare, mysql_stmt_bind_param and mysql_stmt_execute).
>
> If I'm wrong let me know!
>
> Tks!
>
>
>
> ------------------------------------------------------------------------------
> Own the Future-Intel® Level Up Game Demo Contest 2013
> Rise to greatness in Intel's independent game demo contest.
> Compete for recognition, cash, and the chance to get your game
> on Steam. $5K grand prize plus 10 genre and skill prizes.
> Submit your demo by 6/6/13. http://p.sf.net/sfu/intel_levelupd2d
> _______________________________________________
> soci-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/soci-users
>
>
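Added example, not part of the original thread and not SOCI's own code: a sketch of the client-side approach the reply describes, where string values are escaped and substituted into the statement text before it goes to a direct-execution call such as mysql_real_query(). The names escape_mysql and render_query are hypothetical, the escaper is a simplified stand-in for mysql_real_escape_string(), and the statement text is assumed to contain no quoted literals of its own.

```cpp
#include <cctype>
#include <iostream>
#include <map>
#include <string>

// Simplified stand-in for mysql_real_escape_string(): escapes the same set
// of characters. The real function also consults the connection character
// set; this sketch assumes ASCII/UTF-8 input.
std::string escape_mysql(const std::string& in) {
    std::string out;
    for (char c : in) {
        switch (c) {
            case '\0':   out += "\\0";  break;
            case '\n':   out += "\\n";  break;
            case '\r':   out += "\\r";  break;
            case '\\':   out += "\\\\"; break;
            case '\'':   out += "\\'";  break;
            case '"':    out += "\\\""; break;
            case '\x1a': out += "\\Z";  break;
            default:     out += c;
        }
    }
    return out;
}

// Hypothetical helper: replace each :name placeholder with the quoted,
// escaped value, giving the final text for a direct-execution call.
// Throws std::out_of_range if a placeholder has no matching value.
std::string render_query(const std::string& sql,
                         const std::map<std::string, std::string>& params) {
    std::string out;
    for (std::size_t i = 0; i < sql.size();) {
        if (sql[i] == ':' && i + 1 < sql.size() &&
            std::isalpha(static_cast<unsigned char>(sql[i + 1]))) {
            std::size_t j = i + 1;
            while (j < sql.size() &&
                   (std::isalnum(static_cast<unsigned char>(sql[j])) || sql[j] == '_')) ++j;
            out += "'" + escape_mysql(params.at(sql.substr(i + 1, j - i - 1))) + "'";
            i = j;
        } else {
            out += sql[i++];
        }
    }
    return out;
}

int main() {
    // Constructed input: a value that tries to close the string literal.
    std::map<std::string, std::string> p;
    p["name"] = "x' OR '1'='1";
    std::cout << render_query("SELECT id FROM users WHERE name = :name", p) << "\n";
}
```

The value still travels to the server inside the statement text, so the protection rests entirely on every string value passing through the escaper, unlike the mysql_stmt_* API, which sends parameters separately from the statement.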