On Saturday, 28 November 2020 at 17:50:43 UTC, kdevel wrote:
On Saturday, 28 November 2020 at 13:29:50 UTC, Ferhat Kurtulmuş
wrote:
On Saturday, 28 November 2020 at 12:01:59 UTC, Alex NL wrote:
Is there libs for SQLITE?
How to use it? thanks.
https://github.com/aferust/GtkD-examples-for-TreeView-and-ListBox
IMNSHO the code in example1.d
string sql = format("UPDATE User SET %s = '%s' WHERE id =
%s;", field, text, curId);
db.query(sql);
and that in example2.d
string sql = format("UPDATE User SET %s = '%s' WHERE id =
%d;", field, value, cid);
db.query(sql);
is prone to SQL injection attacks. Why don't you use ? as
placeholder as in the example
db.query("INSERT INTO people (id, name) VALUES (?, ?)", 5,
"Adam");
of
http://dpldocs.info/experimental-docs/arsd.database.html
If your database is compromised you can blame the arsd.database
author(s) for publishing a buggy db.escape function ;-)
I just didn't care about security vulnerability there. My focus
was on GtkD functions. But you are right. It may mislead newbies.
Library functions must have been used, not format, so that auto
escape can work. I am too lazy to fix it :)
