I'm very new to erlang and I need to code something which inserts rows in a MySQL Database.

How can I prevent SQL Injections with Erlang? Is there also something like prepared statements in other Languages or how should I do it?

Thanks for your replies.

解決方案

This answer depends on the driver you are using.

Erlang ODBC has a function param_query that binds a set of parameters to the query and it might also escape all the SQL special characters.

erlang-mysql-driver has prepared statements:

%% Register a prepared statement

mysql:prepare(update_developer_country,

<>),

%% Execute the prepared statement

mysql:execute(p1, update_developer_country, [<>,<>]),

As a last resort you can always escape the characters

NUL (0x00) --> \0

BS (0x08) --> \b

TAB (0x09) --> \t

LF (0x0a) --> \n

CR (0x0d) --> \r

SUB (0x1a) --> \z

" (0x22) --> \"

% (0x25) --> \%

' (0x27) --> \'

\ (0x5c) --> \\

_ (0x5f) --> \_

總結

以上是生活随笔為你收集整理的erlang mysql性能瓶颈,Erlang Mysql：如何防止SQL注入的全部內容，希望文章能夠幫你解決所遇到的問題。

如果覺得生活随笔網站內容還不錯，歡迎將生活随笔推薦給好友。