From: Mer G. [email protected]
Subject: ruby mysql errors -where am I going wrong here?
Date: Wed, 25 Oct 2006 23:34:54 +0900
Message-ID: [email protected]
Here is my test code. I am wondering where I am going wrong.
I get no errors but the [temp] section in the db is still NULL.
(snip your code)
Hmmm… Maybe, what you want to do is something like the following.
require ‘tk’
def update_db
DB query
dbh.query("INSERT INTO password (user, upassword, temp)
VALUES(‘check’, ‘check’, #{@mytext})")
puts “update DB : @mytext = ‘#{@mytext}’”
end
From: Mer G. [email protected]
Subject: Re: ruby mysql errors -where am I going wrong here?
Date: Thu, 26 Oct 2006 00:52:00 +0900
Message-ID: [email protected]
I meant “sorry so far I cant get the sample code to run”.
Does it cause errors?
It will call the method to update the database, only if
the text in the entry is changed when the event ‘ev’ occurs.
MySQL needs backticks `` for strings. Coming from Unix this was something
I didn’t expect.
Since it works for the strings ‘check’, that’s obviously not the
problem.
tested it to see if it changed anything. it doesnt. so you are right.
Also, I’d use a database API that supports parameter placeholders and
does query escaping for you.
Interpolating a string to get a SQL query is Bad ™. Google around for
“sql injection”, “pain”, “anguish”, “death” (right, some of those aren’t
really related).
If anything, use Mysql.escape on strings first at the very least.
David V.
I know about sql injection. I just want to get a working way of taking
in data to my db first. Since Im having problems with even that, im not
too worried about anything else. Plus this is going to be attached to
the net. Its going to be on a stand alone.
Does anyone see anything I might be forgetting or doing wrong in the
sample code. Where am i dropping the data? Am I getting the data right?
Am i doing anything else wrong?
MySQL needs backticks `` for strings. Coming from Unix this was something
I didn’t expect.
Since it works for the strings ‘check’, that’s obviously not the
problem.
Also, I’d use a database API that supports parameter placeholders and
does query escaping for you.
Interpolating a string to get a SQL query is Bad ™. Google around for
“sql injection”, “pain”, “anguish”, “death” (right, some of those aren’t
really related).
If anything, use Mysql.escape on strings first at the very least.
I know about sql injection. I just want to get a working way of taking
in data to my db first. Since Im having problems with even that, im not
too worried about anything else. Plus this is going to be attached to
the net. Its going to be on a stand alone.
Fair enough. Still, try using placeholder parameters instead of string
interpolation to see if that’s indeed the problem?
MySQL/Ruby - under the documentation for the
Mysql::Stmt class shows how. Mysql::query doesn’t seem to support them.
Does anyone see anything I might be forgetting or doing wrong in the
sample code. Where am i dropping the data? Am I getting the data right?
Am i doing anything else wrong?
Litter some debugging output around? In particular, print @mytext at
various points, and the query string to a console to see if you’re
trying to put anything into the DB in the first place - the problem
might be in the Tk interaction code for what it’s worth. (I remain
blisfully ignorant on Tk by intention and GUI religious beliefs, so I
can’t ascertain anything about it from the code snippet.)