Hey John,

2011/6/3 John Robson <[email protected]>

> Hello,
>
> I would like to confirm if I'm doing it right.
>
> It does not work, ok?!
> ptr<User> user = session_.find<User>().where("email = ? AND pwd =
> ?").bind(email, pwd); tt.commit();
>
Try .bind(email).bind(pwd) ...

>
> But this works :)
> ptr<User> user = session_.find<User>().where("email = '" + email + "'
> AND pwd = '" + pwd + "'"); tt.commit();
>
You should avoid this syntax anyway because it's insecure --
there is a risk of a successful SQL injection attack if the values of
email and pwd come from untrusted input (such as user input).


> How do I enter SQL commands directly?
>
> Thanks,
> John
>
>
>
> _______________________________________________
> witty-interest mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/witty-interest
>



-- 
// Dmitriy.
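
The difference between the two query forms discussed above, as an added example that is not part of the original message and is not Wt::Dbo code: it uses Python's built-in sqlite3 module so it runs stand-alone, with the parameter tuple playing the role of the chained .bind() calls. The table layout and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user (email TEXT, pwd TEXT)")
    db.executemany("INSERT INTO user VALUES (?, ?)", [
        ("alice@example.com", "pw-alice"),
        ("o'brien@example.com", "pw-obrien"),
    ])
    return db

def find_concat(db, email, pwd):
    """Concatenated form: the values become part of the SQL text itself."""
    sql = ("SELECT email FROM user WHERE email = '" + email +
           "' AND pwd = '" + pwd + "'")
    return db.execute(sql).fetchall()

def find_bound(db, email, pwd):
    """Bound form: one value per '?', in order; the SQL text is constant."""
    sql = "SELECT email FROM user WHERE email = ? AND pwd = ?"
    return db.execute(sql, (email, pwd)).fetchall()

def compare(email, pwd):
    """Run both forms on the same input and report what each one did."""
    db = make_db()
    try:
        concat = find_concat(db, email, pwd)
    except sqlite3.Error as exc:
        # The input was parsed as SQL syntax instead of being treated as data.
        concat = "error: " + type(exc).__name__
    return concat, find_bound(db, email, pwd)

if __name__ == "__main__":
    # Ordinary input: both forms return the same row.
    print(compare("alice@example.com", "pw-alice"))
    # A legitimate address containing an apostrophe: the concatenated
    # statement no longer parses, while the bound one still finds the row.
    print(compare("o'brien@example.com", "pw-obrien"))
```

An apostrophe in ordinary data is enough to change the structure of the concatenated statement, which is the same property an injection relies on; the bound form is unaffected because the values never enter the SQL text.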