Can you please consider adding prepared statements to this? It would help with security and, most importantly, speed on repeated queries.
Request Prepared statements for MySQL
Discussion in 'Feature Suggestions' started by Caffeine, Jul 1, 2016.
Code:
```csharp
using System.Text.RegularExpressions;

string MysqlEscape(string usString)
{
    if (usString == null)
    {
        return null;
    }
    // SQL Encoding for MySQL Recommended here:
    // http://au.php.net/manual/en/function.mysql-real-escape-string.php
    // it escapes \r, \n, \x00, \x1a, backslash, single quotes, and double quotes
    return Regex.Replace(usString, @"[\r\n\x00\x1a\\'""]", @"\$0");
}
```
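As an added example (not code from this thread or from Oxide), the MysqlEscape regex above is ported to Python, where it can run stand-alone, next to a small quote_literal()/bind() pair. Those two helpers are illustrative, modelled on what a driver's client-side ("emulated") prepared statements do, not any real driver's API; the players table, the column names and the attacker strings are constructed for the demonstration. The point it makes is the caveat that goes with any escape function: it only protects a value that sits inside quotes. An unquoted numeric context such as WHERE id = ... passes a tautology through untouched because there is nothing to escape, whereas typed binding decides quoting from the parameter's Python type, never from the input.

```python
import re

# Python port of the MysqlEscape regex posted above: put a backslash before
# \r, \n, NUL, Ctrl-Z, backslash, single quote and double quote.  Like the
# original it is not charset-aware, so it assumes a connection charset in
# which no multibyte character contains one of these bytes (latin1, utf8mb4).
_ESCAPE_RE = re.compile(r"[\r\n\x00\x1a\\'\"]")


def mysql_escape(s):
    """Escape the characters MySQL treats specially inside a quoted string literal."""
    if s is None:
        return None
    return _ESCAPE_RE.sub(lambda m: "\\" + m.group(0), s)


def quote_literal(value):
    """Render one parameter as a MySQL literal, picking the form by Python type.

    This is the job a client-side (emulated) prepared statement does for you:
    strings are escaped AND quoted, integers are emitted bare, bytes go out as
    a hex literal, None becomes NULL.  Nothing user-controlled ever decides
    whether quoting happens.  Illustrative helper, not part of any driver.
    """
    if value is None:
        return "NULL"
    if isinstance(value, bool):          # bool is an int subclass; check it first
        return "1" if value else "0"
    if isinstance(value, int):
        return str(value)
    if isinstance(value, (bytes, bytearray)):
        return "X'" + bytes(value).hex() + "'"
    if isinstance(value, str):
        return "'" + mysql_escape(value) + "'"
    raise TypeError(f"unsupported parameter type: {type(value).__name__}")


def bind(sql, params):
    """Substitute each ? in a programmer-written template with a typed literal.

    The template must come from code, never from input; the count check stops
    a silently half-filled statement from reaching the server.
    """
    params = list(params)
    if sql.count("?") != len(params):
        raise ValueError(f"template has {sql.count('?')} placeholders, got {len(params)} params")
    it = iter(params)
    # re.sub with a callable inserts the returned text verbatim, so the
    # backslashes produced by mysql_escape survive unchanged.
    return re.sub(r"\?", lambda _m: quote_literal(next(it)), sql)


# Constructed attacker inputs for the demonstration (not real data).
TAINTED_NAME = "x' OR '1'='1"
TAINTED_ID = "1 OR 1=1"


def concat_quoted(name):
    """Escaping is enough here, because the value sits between quotes."""
    return "SELECT * FROM players WHERE name = '" + mysql_escape(name) + "'"


def concat_unquoted(player_id):
    """Escaping does nothing here: the payload contains no escapable character,
    so the tautology reaches the server unchanged."""
    return "SELECT * FROM players WHERE id = " + mysql_escape(player_id)


def lookup_by_id(player_id):
    """Typed binding: a str is quoted (and compares as a string), an int is bare.
    Converting to int first is the right fix; int('1 OR 1=1') raises ValueError."""
    return bind("SELECT * FROM players WHERE id = ?", [player_id])


if __name__ == "__main__":
    print(concat_quoted(TAINTED_NAME))    # ... WHERE name = 'x\' OR \'1\'=\'1'
    print(concat_unquoted(TAINTED_ID))    # ... WHERE id = 1 OR 1=1   <- injected
    print(lookup_by_id(TAINTED_ID))       # ... WHERE id = '1 OR 1=1' <- inert string
    print(lookup_by_id(int("7")))         # ... WHERE id = 7
```

The bound string case is inert as an injection, but MySQL will still coerce '1 OR 1=1' to the number 1 with a warning, so the application should convert the value to the expected type before binding rather than rely on the quoting. A server-side prepared statement (what the thread is asking for) removes the whole question, since values travel in the binary protocol and are never spliced into SQL text at all.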
Preventing SQL injections | Oxide
Also, do not rely on server shutdown hooks being properly called; many people shut down their servers via CTRL+C.
If you're looking to fire multiple queries at once (which would likely only yield a minor benefit, by reducing handshake overhead in the case of network connections and allowing better continuous writing to HDDs), then you can just append multiple queries to the query object provided by mysql.New().
EDIT: My argument was moot.
I think in the future it'd probably be useful, when more plugins actually operate at a scale where prepared statements make a notable performance difference.
Last edited by a moderator: Jul 1, 2016
There's certainly a scale sweet spot where it's useful, though.
MySQL on Oxide is also broken in that you can't use this anymore:
```csharp
IEnumerable<Dictionary<string, object>> res = _mySql.Query(sql, connection);
```
You now need to use some freaking callback, which is a pain in the ass for everyone and can't really work properly with plugin development. You can't return anything from MySQL (like IEnumerable<Dictionary<string, object>> GetPlayerInfo(ulong playerid)); you can only get the data and use it in a local function and insert/update stuff. For this very reason, Player Database MySQL support was broken.
Last edited by a moderator: Jul 2, 2016