[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

comp.lang.ruby

ruby mysql errors -where am I going wrong here?

Mer Gilmartin

10/25/2006 2:35:00 PM

Here is my test code. I am wondering where I am going wrong.
I get no errors but the [temp] section in the db is still NULL.

@mytext = 'hi this is a test'
userentry = TkEntry.new(Frameone)
userentry.value = @mytext
ev = TkVirtualEvent.new('Button-1', 'Return')
userentry.bind(ev){@mytext = userentry.value; puts @mytext}

swopframebutton.bind('ButtonRelease-1'){@mytext = userentry.value; puts
@mytext}

begin
# connect to the MySQL server
dbh = Mysql.real_connect("localhost", "testuser", "testpass",
"test")

#res = dbh.query("INSERT INTO password (user, upassword, temp)
VALUES('check', 'check', #{@mytext})")
"INSERT INTO password (user, upassword, temp) VALUES('check',
'check', '#{@mytext}')"

--
Posted via http://www.ruby-....
12 Answers

Mer Gilmartin

10/25/2006 3:26:00 PM

0

would more comments help? I think i know whats happening which makes it
more confusing that its not working.


--
Posted via http://www.ruby-....

Hidetoshi NAGAI

10/25/2006 3:33:00 PM

0

Mer Gilmartin

10/25/2006 3:46:00 PM

0

Hidetoshi NAGAI wrote:
> Hmmm.... Maybe, what you want to do is something like the following.

I cut it from a bigger program which had a lot of that code. But ill
check the code you gave me in case my understanding is lacking.

--
Posted via http://www.ruby-....

Mer Gilmartin

10/25/2006 3:51:00 PM

0

Mer Gilmartin wrote:
> Hidetoshi NAGAI wrote:
>> Hmmm.... Maybe, what you want to do is something like the following.
>
> I cut it from a bigger program which had a lot of that code. But ill
> check the code you gave me in case my understanding is lacking.

Sorry far. I can get the sample code to run, and Im finding it hard to
understand the very different way of doing it.

If anyone can help more I would be very grateful.

--
Posted via http://www.ruby-....

Mer Gilmartin

10/25/2006 3:52:00 PM

0

I meant "sorry so far I cant get the sample code to run".
This problem is really begining to bother me.

--
Posted via http://www.ruby-....

Hidetoshi NAGAI

10/25/2006 4:09:00 PM

0

Mer Gilmartin

10/25/2006 4:21:00 PM

0


> # As you know, the DB-update method is a dummy.

ah I didnt. Im trying to get my db update method to work.
I the first section of code I thought I had the mysql to update a db.

Eh Ill look at it again tomorrow.

--
Posted via http://www.ruby-....

Hugh Sasse

10/25/2006 7:20:00 PM

0

David Vallner

10/25/2006 10:27:00 PM

0

Hugh Sasse wrote:
> MySQL needs backticks `` for strings. Coming from Unix this was something
> I didn't expect.

Since it works for the strings 'check', that's obviously not the problem.

Also, I'd use a database API that supports parameter placeholders and
does query escaping for you.

Interpolating a string to get a SQL query is Bad (tm). Google around for
"sql injection", "pain", "anguish", "death" (right, some of those aren't
really related).

If anything, use Mysql.escape on strings first at the very least.

David Vallner

Mer Gilmartin

10/27/2006 1:21:00 PM

0

David Vallner wrote:
> Hugh Sasse wrote:
>> MySQL needs backticks `` for strings. Coming from Unix this was something
>> I didn't expect.
>
> Since it works for the strings 'check', that's obviously not the
> problem.

tested it to see if it changed anything. it doesnt. so you are right.

> Also, I'd use a database API that supports parameter placeholders and
> does query escaping for you.
>
> Interpolating a string to get a SQL query is Bad (tm). Google around for
> "sql injection", "pain", "anguish", "death" (right, some of those aren't
> really related).
>
> If anything, use Mysql.escape on strings first at the very least.
>
> David Vallner

I know about sql injection. I just want to get a working way of taking
in data to my db first. Since Im having problems with even that, im not
too worried about anything else. Plus this is going to be attached to
the net. Its going to be on a stand alone.

Does anyone see anything I might be forgetting or doing wrong in the
sample code. Where am i dropping the data? Am I getting the data right?
Am i doing anything else wrong?

--
Posted via http://www.ruby-....