[Haskell-cafe] Fwd: [Haskell-beginners] Database simple-mysql
Damien Mattei
2018-12-05 10:35:38 UTC
-------- Forwarded message --------
Subject: [Haskell-beginners] Database simple-mysql
Date: Wed, 5 Dec 2018 11:29:30 +0100
From: Damien Mattei <***@oca.eu>
Reply-To: The Haskell-Beginners Mailing List - Discussion of
primarily beginner-level topics related to Haskell <***@haskell.org>
To: ***@haskell.org

Why does this work:
let name = "'A 20'"

bd_rows <- query_ conn "select `N° BD` from sidonie.Coordonnées where Nom = 'A 20'"

putStrLn $ show bd_rows
putStrLn $ show name

I got:

[Only {fromOnly = "-04.3982"}]
"'A 20'"
-04.3982


But not with this:

bd_rows <- query conn "select `N° BD` from sidonie.Coordonnées where Nom = ?" (Only (name::String))

I got an empty result:

[]
...

???
--
***@unice.fr, ***@oca.eu, UNS / OCA / CNRS
Viktor Dukhovni
2018-12-05 15:51:53 UTC
Post by Damien Mattei
let name = "'A 20'"
bd_rows <- query_ conn "select `N° BD` from sidonie.Coordonnées where Nom = 'A 20'"
The "Nom" equality constraint was the String:

<A><SPACE><SPACE><SPACE><SPACE><2><0>
Post by Damien Mattei
bd_rows <- query conn "select `N° BD` from sidonie.Coordonnées where Nom = ?" (Only (name::String))
No additional quoting is required or appropriate with prepared statements.
The "Nom" constraint in this case was incorrectly:

<'><A><SPACE><SPACE><SPACE><SPACE><2><0><'>

This is not Haskell-specific. The fact that prepared statement parameters
don't use or require quoting is an important safety feature (no SQL-injection
with prepared statements). Every language that offers SQL bindings with
prepared statement support behaves this way.
--
Viktor.
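
Added example, not part of the thread: the behaviour discussed above, reproduced with Python's sqlite3 and an in-memory table instead of mysql-simple and the poster's database, since the reply notes it is not Haskell-specific. The table and column names (`coords`, `nom`, `bd`), the second row and the `hostile` value are constructed for the illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory table holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE coords (nom TEXT, bd TEXT)")
    conn.executemany(
        "INSERT INTO coords VALUES (?, ?)",
        [("A 20", "-04.3982"), ("B 7", "+12.0001")],  # second row is constructed
    )
    return conn


def lookup_literal(conn):
    # Here the quotes are SQL syntax: they delimit the literal A 20.
    return conn.execute("SELECT bd FROM coords WHERE nom = 'A 20'").fetchall()


def lookup_bound(conn, name):
    # The value is bound as data, so every character in it is compared as-is.
    return conn.execute("SELECT bd FROM coords WHERE nom = ?", (name,)).fetchall()


def lookup_concatenated(conn, name):
    # Unsafe pattern, shown for contrast: the value becomes part of the SQL text.
    sql = "SELECT bd FROM coords WHERE nom = '" + name + "'"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print("literal in SQL text   :", lookup_literal(conn))
    print("bound, no quotes      :", lookup_bound(conn, "A 20"))
    # The case from the thread: the quotes are now part of the compared value.
    print("bound, quoted value   :", lookup_bound(conn, "'A 20'"))
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    print("bound, hostile value  :", lookup_bound(conn, hostile))
    print("concat, hostile value :", lookup_concatenated(conn, hostile))
```

The last two lines show the safety property from the reply: the bound value matches nothing, while the concatenated one changes the WHERE clause and returns every row.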