


Re: Escaping Strings

From Lawrence D'Oliveiro <ldo@nz.invalid>
Newsgroups comp.databases.mysql
Subject Re: Escaping Strings
Date 2024-08-24 22:49 +0000
Organization A noiseless patient Spider
Message-ID <vado22$1igfq$4@dont-email.me> (permalink)
References <v748rm$tapm$2@dont-email.me> <ligh9mFb2hjU1@mid.individual.net> <va8se0$otgt$4@dont-email.me> <liqmd6Fr82iU1@mid.individual.net>



On Fri, 23 Aug 2024 07:52:38 +0200, J.O. Aho wrote:

> On 23/08/2024 04.33, Lawrence D'Oliveiro wrote:
>
>> On Mon, 19 Aug 2024 11:24:06 +0200, J.O. Aho wrote:
>> 
>>> I would looked into using parameterized queries ...
>> 
>> There are lots of cases they don’t handle. Like for example LIKE and
>> REGEXP operands.
> 
> LIKE:
> select * from table where column1 like ?;

Like: you want to do a partial match on what the user typed. And what
the user typed can include characters like “%” and “_”, which you
don’t want to be mistaken for wildcards.

Another example: can your parameterized queries handle dynamic SQL
like this?

    import sys

    # db_iter, db, which and format_timestamp are defined elsewhere in the
    # poster's code; "func" and "order" are spliced into the query text with
    # % formatting because they are an identifier and a keyword, not values.
    for artwork_url, timestamp in \
        db_iter \
          (
            conn = db,
            cmd =
                    "select artworks.artwork_url as artwork_url,"
                    " %(func)s(artwork_stats.timestamp) as timestamp"
                    " from artworks inner join artwork_stats on"
                    " artworks.artwork_url = artwork_stats.artwork_url"
                    " group by artwork_stats.artwork_url"
                    " order by timestamp %(order)s"
                %
                    {
                        "func" : ("min", "max")[which == "latest"],
                        "order" : ("asc", "desc")[which == "earliest"],
                    }
          ) \
    :
        sys.stdout.write \
          (
                "%s %s\n"
            %
                (artwork_url, format_timestamp(timestamp))
          )
    #end for

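The two cases raised in the post, user text inside a LIKE pattern and the function name and sort order spliced into the query text, as an added example that is not the poster's code: the wildcard characters are escaped and bound together with an ESCAPE clause, and the two spliced-in tokens come from an allowlist instead of from input. It assumes Python's stdlib sqlite3 as an offline stand-in for MySQL; the tables, rows and the WHICH mapping are constructed here (the mapping mirrors the post's tuple indexing).

```python
import sqlite3

# Escape character for LIKE, bound as a parameter alongside the pattern.
LIKE_ESCAPE = "\\"

def escape_like(text: str, esc: str = LIKE_ESCAPE) -> str:
    """Make user text match literally inside a LIKE pattern; the escape
    character is doubled first so a user-supplied one cannot un-escape."""
    return (text.replace(esc, esc + esc)
                .replace("%", esc + "%")
                .replace("_", esc + "_"))

def contains_pattern(text: str) -> str:
    """Substring match: our own '%' on both sides, user wildcards neutralised."""
    return "%" + escape_like(text) + "%"

# The aggregate function and ASC/DESC cannot be bound as placeholders, so the
# caller's choice selects from a fixed table and never reaches the SQL text.
# Mapping copied from the post: "latest" -> max/asc, "earliest" -> min/desc.
WHICH = {"latest": ("max", "asc"), "earliest": ("min", "desc")}

def build_artwork_query(which: str) -> str:
    if which not in WHICH:
        raise ValueError(f"unsupported selection {which!r}")
    func, order = WHICH[which]
    return (f"select artworks.artwork_url as artwork_url,"
            f" {func}(artwork_stats.timestamp) as timestamp"
            " from artworks inner join artwork_stats on"
            " artworks.artwork_url = artwork_stats.artwork_url"
            " group by artwork_stats.artwork_url"
            f" order by timestamp {order}")

def find_titles(conn, needle: str) -> list:
    """Parameterised partial match; '%' and '_' typed by the user are literal."""
    sql = "select title from artworks where title like ? escape ? order by title"
    return [r[0] for r in conn.execute(sql, (contains_pattern(needle), LIKE_ESCAPE))]

def demo_db() -> sqlite3.Connection:
    """Constructed sample data (not from the post) in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table artworks (artwork_url text, title text)")
    conn.execute("create table artwork_stats (artwork_url text, timestamp integer)")
    conn.executemany("insert into artworks values (?, ?)",
        [("u/1", "100% Pure"), ("u/2", "100 Percent"),
         ("u/3", "snake_case"), ("u/4", "snakeXcase")])
    conn.executemany("insert into artwork_stats values (?, ?)",
        [("u/1", 10), ("u/1", 30), ("u/2", 20), ("u/3", 5), ("u/3", 25), ("u/4", 15)])
    return conn
```

Without escape_like, searching for "snake_" would also return "snakeXcase" and "100%" would match "100 Percent".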