You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I presume that if a stack trace contains simple quotation marks ('), then it is not properly logged. Instead it logs the following error message:
1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '<something>'])
The text was updated successfully, but these errors were encountered:
Due to the goal of supporting outdated SQL-versions we previously used the pure python implementation of the MySQL-connector library (when establishing a connection the keyword-argument use-pure = True was given). Unfortunately, this implementation does not support the standard escaping functionalities motivating our own escaping functionality.
To fix this problem we intend to
drop the use-pure parameter to use the c implemenation
use prepared statements to insert values into a preexisting database
This issue is closely related to #83. Therefore a goal of the 'hotfix' is to use components that can be easily moved to a new structure described in the issue.
In particular:
Introduce a insert_values function with the parameters
talbe_name
keys
values
conditions
and handles the value insertion using prepared statements.
Every introduced functionality should be written with the goal of using bulk inserts
I presume that if a stack trace contains simple quotation marks (
'
), then it is not properly logged. Instead it logs the following error message:The text was updated successfully, but these errors were encountered: