使用 mysql2 ruby gem 创建准备好的语句
[英]Creating prepared statements with the mysql2 ruby gem
问题描述
I'm new to ruby and I thought that to help me learn I'd create a small command line script that creates database users in Mysql/MariaDB.
我是 ruby 的新手,我认为为了帮助我学习,我会创建一个小的命令行脚本,在 Mysql/MariaDB 中创建数据库用户。 I'm trying to use the mysql2 package however I have run into problems.我正在尝试使用mysql2 package但是我遇到了问题。 Here is the code I'm having an issue with, I've stripped out all the stuff that's not relevent:这是我遇到问题的代码,我已经删除了所有不相关的内容:
#!/usr/bin/env ruby
require 'mysql2'
root_password = 'root-pass-here'
user_name = 'jonny-5'
user_password = '5hortCi4cuit'
client = Mysql2::Client.new(:host => "localhost", :username => "root", :password => root_password)
statement = client.prepare("CREATE USER '?'@'localhost' IDENTIFIED BY '?';")
result = statement.execute(user_name, user_password)
p result
Gemfile:宝石文件:
source 'https://rubygems.org'
gem 'mysql2', '0.5.3'
I have tried all of these:我已经尝试了所有这些:
client.prepare("CREATE USER '?'@'localhost' IDENTIFIED BY '?';")
client.prepare("CREATE USER `?`@`localhost` IDENTIFIED BY `?`;")
client.prepare("CREATE USER (?)@'localhost' IDENTIFIED BY (?);")
client.prepare("CREATE USER ?@'localhost' IDENTIFIED BY ?;")
And get the following errors并得到以下错误
Bind parameter count (0) doesn't match number of arguments (2) (Mysql2::Error)
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '`?`' at line 1 (Mysql2::Error)
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '(?)@'localhost' IDENTIFIED BY (?)' at line 1 (Mysql2::Error)
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '?@'localhost' IDENTIFIED BY ?' at line 1 (Mysql2::Error)
So if I use what I believe to be the correct syntax it doesn't find my quesion marks, if I use any of the others it's like it finds them but doesn't replace them before executing the query.因此,如果我使用我认为正确的语法,它不会找到我的问号,如果我使用其他任何一个,它就像找到它们但在执行查询之前不会替换它们。
I am using MariaDB instead of MySQL but the mysql2 gem says it does support MariaDB.我正在使用 MariaDB 而不是 MySQL 但 mysql2 gem 说它确实支持 MariaDB。 I'm running 10.4.13 which is not listed on the github page, they only go as high as 10.3, however I have tested the CREATE USER 'username'@'localhost' IDENTIFIED BY 'password';我正在运行 github 页面上未列出的 10.4.13,它们仅 go 高达 10.3,但是我已经测试了CREATE USER 'username'@'localhost' IDENTIFIED BY 'password'; syntax via the command line and it works so I don't think that's the issue.通过命令行的语法并且它可以工作,所以我认为这不是问题。
Can anyone tell me where I'm going wrong?谁能告诉我哪里出错了?
1 个解决方案
解决方案1
0 2020-08-17 21:26:27
SQL placeholders substitute the whole parameter, and they handle strings and numbers correctly. SQL 占位符替换整个参数,它们正确处理字符串和数字。 That's why they are used to prevent SQL injection.这就是为什么它们被用来防止 SQL 注入。 Have you tried not putting the placeholders in quotes?您是否尝试过不将占位符放在引号中?
statement = client.prepare('CREATE USER ? IDENTIFIED BY ?;')
new_users.each do |user|
statement.execute("#{user}@localhost", 'pa55word')
end
# not tested, I don't have SQL installed
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.