
12 Sep 2006, 6:31 p.m.
Paul Davis wrote:
id = "2 ; delete from persons ;"
sql << "select first_name, last_name, date_of_birth " "from persons where id = " << id
Someone just deleted your persons table. Oops.
In my example sql was supposed to be a special stream type overloaded to escape types correctly. I thought SOCI worked that way, but in fact it seems it is not the case. You could do this, though:

std::string name;
sql << "select phone from phonebook where name = :name", use(name);
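The stream type described in the reply above, one whose overloads keep values out of the statement text, sketched as an added example (not code from the thread or from SOCI). `BoundQuery` and `person_lookup` are hypothetical names, and the driver is assumed to accept positional `?` placeholders.

```cpp
#include <cstddef>
#include <iostream>
#include <string>
#include <vector>

// Hypothetical builder, not SOCI's API: literals are statement text,
// runtime values become '?' placeholders with separately stored parameters.
class BoundQuery {
public:
    // String literals (const char arrays) are trusted SQL text.
    template <std::size_t N>
    BoundQuery& operator<<(const char (&literal)[N]) {
        text_ += literal;
        return *this;
    }
    // Mutable char buffers may hold input, so they are bound, not spliced.
    template <std::size_t N>
    BoundQuery& operator<<(char (&buffer)[N]) {
        return *this << std::string(buffer);
    }
    // std::string (and const char*, via conversion) is always data.
    BoundQuery& operator<<(const std::string& value) {
        text_ += "?";
        params_.push_back(value);
        return *this;
    }
    const std::string& text() const { return text_; }
    const std::vector<std::string>& params() const { return params_; }

private:
    std::string text_;
    std::vector<std::string> params_;
};

// The query from the thread, built so that id can never alter the statement.
BoundQuery person_lookup(const std::string& id) {
    BoundQuery q;
    q << "select first_name, last_name, date_of_birth "
         "from persons where id = " << id;
    return q;
}

int main() {
    // Constructed input: the hostile id quoted in the thread.
    BoundQuery q = person_lookup("2 ; delete from persons ;");
    std::cout << q.text() << "\n";
    for (const auto& p : q.params()) std::cout << "bound: [" << p << "]\n";
    return 0;
}
```

The statement text handed to the database is fixed at compile time; the hostile id travels only in the parameter list, where the driver treats it as a value to compare against.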