digitalmars.D.learn - How to connect to SQLITE?
- Alex NL (2/2) Nov 28 2020 Is there libs for SQLITE?
- Andre Pany (6/8) Nov 28 2020 You may use google translate,
- Ferhat Kurtulmuş (2/4) Nov 28 2020 https://github.com/aferust/GtkD-examples-for-TreeView-and-ListBox
- kdevel (18/22) Nov 28 2020 IMNSHO the code in example1.d
- Ferhat Kurtulmuş (5/28) Nov 28 2020 I just didn't care about security vulnerability there. My focus
Is there libs for SQLITE? How to use it? thanks.
Nov 28 2020
On Saturday, 28 November 2020 at 12:01:59 UTC, Alex NL wrote:
> Is there libs for SQLITE? How to use it? thanks.

You may use google translate,
https://d-land.sepany.de/tutorials/datenbanken/sqlite-erste-schritte/
Here I describe how to use Sqlite using dub package arsd-official.

Kind regards
Andre
Nov 28 2020
On Saturday, 28 November 2020 at 12:01:59 UTC, Alex NL wrote:
> Is there libs for SQLITE? How to use it? thanks.

https://github.com/aferust/GtkD-examples-for-TreeView-and-ListBox
Nov 28 2020
On Saturday, 28 November 2020 at 13:29:50 UTC, Ferhat Kurtulmuş wrote:
> On Saturday, 28 November 2020 at 12:01:59 UTC, Alex NL wrote:
> > Is there libs for SQLITE? How to use it? thanks.
>
> https://github.com/aferust/GtkD-examples-for-TreeView-and-ListBox

IMNSHO the code in example1.d

    string sql = format("UPDATE User SET %s = '%s' WHERE id = %s;", field, text, curId);
    db.query(sql);

and that in example2.d

    string sql = format("UPDATE User SET %s = '%s' WHERE id = %d;", field, value, cid);
    db.query(sql);

is prone to SQL injection attacks. Why don't you use ? as placeholder as in the example

    db.query("INSERT INTO people (id, name) VALUES (?, ?)", 5, "Adam");

of http://dpldocs.info/experimental-docs/arsd.database.html

If your database is compromised you can blame the arsd.database author(s) for publishing a buggy db.escape function ;-)
Nov 28 2020
On Saturday, 28 November 2020 at 17:50:43 UTC, kdevel wrote:
> On Saturday, 28 November 2020 at 13:29:50 UTC, Ferhat Kurtulmuş wrote:
> > On Saturday, 28 November 2020 at 12:01:59 UTC, Alex NL wrote:
> > > Is there libs for SQLITE? How to use it? thanks.
> >
> > https://github.com/aferust/GtkD-examples-for-TreeView-and-ListBox
>
> IMNSHO the code in example1.d
>
>     string sql = format("UPDATE User SET %s = '%s' WHERE id = %s;", field, text, curId);
>     db.query(sql);
>
> and that in example2.d
>
>     string sql = format("UPDATE User SET %s = '%s' WHERE id = %d;", field, value, cid);
>     db.query(sql);
>
> is prone to SQL injection attacks. Why don't you use ? as placeholder as in the example
>
>     db.query("INSERT INTO people (id, name) VALUES (?, ?)", 5, "Adam");
>
> of http://dpldocs.info/experimental-docs/arsd.database.html
>
> If your database is compromised you can blame the arsd.database author(s) for publishing a buggy db.escape function ;-)

I just didn't care about security vulnerability there. My focus was on GtkD functions. But you are right. It may mislead newbies. Library functions must have been used, not format, so that auto escape can work. I am too lazy to fix it :)
Nov 28 2020
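
The UPDATE discussed in the thread, rewritten with `?` placeholders, as an added example that is not part of any post or of the linked repository. It assumes the arsd-official dub package (module arsd.sqlite); the helper `updateUserField`, the `editableColumns` list, the table layout and the sample values are constructed for illustration. Because a placeholder can only stand for a value, the interpolated column name needs a separate allowlist check.

```d
import std.algorithm.searching : canFind;
import std.exception : enforce;
import std.stdio : writeln;
import arsd.sqlite; // assumption: dub package arsd-official

// Columns the UI may edit (constructed list for this example).
immutable string[] editableColumns = ["name", "email"];

/// Hypothetical helper: update one column of one row.
void updateUserField(Database db, string field, string value, int id)
{
    // `?` cannot replace an identifier, so the column name is checked
    // against a fixed allowlist before it becomes part of the SQL text.
    enforce(editableColumns.canFind(field), "column not editable: " ~ field);

    // value and id are passed as query arguments, never formatted into the SQL.
    db.query("UPDATE User SET " ~ field ~ " = ? WHERE id = ?;", value, id);
}

void main()
{
    auto db = new Sqlite(":memory:");
    db.query("CREATE TABLE User (id INTEGER PRIMARY KEY, name TEXT, email TEXT)");
    db.query("INSERT INTO User (id, name, email) VALUES (?, ?, ?)",
             1, "Adam", "adam@example.org");

    // A value containing quotes is stored as data; with format() and '%s'
    // the same input would have closed the literal and altered the statement.
    updateUserField(db, "name", "O'Brien', email = 'x", 1);
    foreach (row; db.query("SELECT name, email FROM User WHERE id = ?", 1))
        writeln(row["name"], " | ", row["email"]);

    // A column name outside the allowlist is rejected before any query runs.
    try
    {
        updateUserField(db, "name = 'x' --", "ignored", 1);
    }
    catch (Exception e)
    {
        writeln("rejected: ", e.msg);
    }
}
```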