Perl6 API with Slang::SQL

Hi, I'm trying to make an API in Perl6 using Bailador, DBIish and Slang::SQL, but when I try to use

    sql select * from user where nom='"$name"'; do -> $row {
        "$row".say;
    }

instead of

    sql select * from user where nom="try"; do -> $row {
        "$row".say;
    }

it does not tell me anything :c (obviously $name == "try"). I have been looking for an hour on the Internet, but without an answer. I have already tried to use only DBIish syntax, but it ends up with the same result. Can someone help me :)?

+5
2 answers

You should use placeholders; that is the main reason why. The slang does not do quoting of this type, and even if it did, you would have introduced an entry point for an SQL injection exploit in your code, unless you had avoided the quotes in the variable.

Try instead:

    sql select * from user where nom = ?; with ($name) do -> $row {
        $row.say;
    }

Good luck with your application. By the way, there is a subreddit that would be interested in your progress: https://www.reddit.com/r/perl6

+6

So, I tried Matt Oates's answer, but it did not give me anything back (as if it did not find anything in the database). But I finally found the syntax that completed the task:

    my $email = request.params<email>;
    my $db = 'SELECT * FROM user WHERE email=?';
    my $do = $*DB.prepare($db);
    $do.execute($email);
    my %row = $do.fetchrow_hashref;
    return (%row);

+1
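The difference both answers rely on, shown side by side as an added example (not code from either post): the same lookup done with the value spliced into the SQL text and with a bound placeholder. It assumes the DBIish SQLite driver is installed and uses an in-memory table with constructed rows; the sub names `find-interpolated` and `find-bound` are hypothetical.

```raku
use DBIish;

# Constructed sample data in an in-memory SQLite database (assumption: the
# SQLite driver is available; the page does not say which database is used).
my $dbh = DBIish.connect('SQLite', :database(':memory:'));
$dbh.prepare('CREATE TABLE user (nom TEXT, email TEXT)').execute;
my $ins = $dbh.prepare('INSERT INTO user (nom, email) VALUES (?, ?)');
$ins.execute('try',     'try@example.test');
$ins.execute("O'Brien", 'ob@example.test');
$ins.finish;

# Unsafe: the value becomes part of the SQL text, so a quote inside it
# changes the statement itself.
sub find-interpolated($dbh, Str $name) {
    my $sth = $dbh.prepare("SELECT nom, email FROM user WHERE nom = '{$name}'");
    $sth.execute;
    my @rows = $sth.allrows(:array-of-hash);
    $sth.finish;
    return @rows;
}

# Safe: the SQL text is fixed and the value is sent separately as a bound
# parameter, so it is only ever compared as data.
sub find-bound($dbh, Str $name) {
    my $sth = $dbh.prepare('SELECT nom, email FROM user WHERE nom = ?');
    $sth.execute($name);
    my @rows = $sth.allrows(:array-of-hash);
    $sth.finish;
    return @rows;
}

# Constructed input containing quote characters.
my $crafted = "x' OR '1'='1";

say "interpolated, plain name:    ", find-interpolated($dbh, 'try').elems, " row(s)";
say "interpolated, crafted input: ", find-interpolated($dbh, $crafted).elems, " row(s)";
say "bound, crafted input:        ", find-bound($dbh, $crafted).elems, " row(s)";
say "bound, name with a quote:    ", find-bound($dbh, "O'Brien").elems, " row(s)";

$dbh.dispose;
```

With interpolation the crafted value rewrites the WHERE clause and matches every row, while the bound version treats the same value as an ordinary string and also handles a legitimate name that contains an apostrophe.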

Source: https://habr.com/ru/post/1247055/

