Printable View
Hi there
In one method, I need to use more than one queries to the database.
(LOCK table; select ....; update.....; unlock....
I'm using prepared statements but is it smart to enable allowMultiQueries=true
Is this big impact on app security (SQL injection in the first place)
Well, you say you;re using prepared statements, so SQL injection won't be a problem. Unless you're doing something really odd.
I would ask why you don't simply use a stored procedure though.
I think this is the best solution you can take. Using stored procedures you can easily handle transactions in case of any error. For example say you want to do an insertion to the DB as well as update on DB. And the update fail, and if you want to rollback the insertion it's very easy to handle in SPs. There is no any impact on SQL injections as well.Quote:
Originally Posted by Tolls
I was thinking to use stored procedures but it was asked from me to avoid them (and any other DB logic). Only standard sql queries...
Thanks :)
What requirement do you have that you think will be helped by multi queries (and avoiding SPs is just plain silly, frankly) rather than doing them separately?
It is a part of exam so the teacher wants to see SQL queries without SPs
Thanks
Then I suspect splurging them into one statement isn't really the idea either.
I agreed. What's the point of avoiding SPs. I never recommended to avoid SPs.Quote:
Originally Posted by Tolls
I wonder what your teacher really wants to test. :pQuote:
Originally Posted by flyfisherman