New MySQL module
Issue #32
new
Currently, the mysql module only allows connections to a single database.
It would be useful to redo the mysql module and allow other modules to request a connection to a database. This might be implemented as a named database request. So the alias module could request access to the "alias" database, which gets mapped by the mysql module to hostname, port, username and password.
Comments (1)
-
Account Deleted
- Log in to comment
The following note about MySQL parameterization is copied from bug number 80 in old bug database:
Stagnate: MySQL parameterization is broken. Any query string with ? or # in it will have that substituted with no direct way to specify a literal.
C modules can pass the character as a parameter, but python modules cannot currently construct a query with those characters. There's probably a way to (ab)use MySQL functions to define the character without passing it directly.
Grel has acknowledged that there needs to be some fundamental changes to the MySQL interface, this is just a FYI.
To fix this, all C modules need to use EscapeString (in order to safely query), and then you can remove the code in Query() that does the substitution:
va_start(ap, fmt); for (c = fmt; *c; c++) if (*c == '?') space += strlen(va_arg(ap, const char *)) * 2 + 3; else if (*c == '#') { dummy = va_arg(ap, unsigned int); space += 10; } va_end(ap);cypherjf: I believe MySQL provides a C function called mysql_escape_string, this should be used instead of any custom-written function. Why? Because the RDMS will make sure everything that needs to be escaped will be.