B4J Question I'm working on a new KVS library, MySQL problem.

LWGShane

I'm working on a new KVS library (version 3.0) and am having a bit of a problem with the MySQL part of the library: I cannot Get an object that was serialized with my Put method.

I have created a test MySQL server so don't worry about the credentials being visible or weak, etc.
Project is attached. Any ideas?
 

Attachments

  • UniverseCore.zip
    4.4 KB · Views: 210

Erel

B4X founder
1. You should use parameterized queries:
B4X:
Dim RS As ResultSet = SQL1.ExecQuery($"SELECT `Value` FROM `${Table}` WHERE `Key` = "${Key}""$)
This code will fail if the key includes a character that needs to be escaped and it is also vulnerable to SQL injections.

2. Same here:
B4X:
SQL1.ExecNonQuery($"REPLACE INTO `${Table}`(`Key`,`Value`) VALUES("${Key}","${Ser.ConvertObjectToBytes(Value)}")"$)
This code will not create a valid blob. You must use ExecNonQuery2.
 
Upvote 0
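Both points from the answer above, shown as an added example that is not part of the original thread or the attached project: the key and the serialized bytes are bound as parameters with ExecQuery2 / ExecNonQuery2, so the key needs no escaping and the value reaches MySQL as a real blob. Assumptions: SQL1 is an already initialized jSQL connection, the `Value` column is a BLOB type, and the IsValidTable helper and its allowed character set are hypothetical.

```b4x
' Added example. SQL1 is assumed to be initialized elsewhere;
' B4XSerializator comes from the jRandomAccessFile library.
Sub Process_Globals
    Private SQL1 As SQL
    Private Ser As B4XSerializator
End Sub

' Identifiers such as table names cannot be bound as parameters, so the
' table name is checked before it is placed in the statement text.
' Assumption: table names use only letters, digits and underscores.
Private Sub IsValidTable (Table As String) As Boolean
    ' Regex.IsMatch tests the whole string against the pattern.
    Return Regex.IsMatch("[A-Za-z0-9_]+", Table)
End Sub

' Stores Value under Key. Returns False if the table name is rejected.
Public Sub Put (Table As String, Key As String, Value As Object) As Boolean
    If IsValidTable(Table) = False Then Return False
    Dim Data() As Byte = Ser.ConvertObjectToBytes(Value)
    ' Key and Data are sent as parameters, never concatenated into the SQL text.
    SQL1.ExecNonQuery2($"REPLACE INTO `${Table}`(`Key`,`Value`) VALUES(?, ?)"$, _
        Array(Key, Data))
    Return True
End Sub

' Returns the stored object, or Null if the key is missing or the table
' name is rejected.
Public Sub Get (Table As String, Key As String) As Object
    Dim Result As Object = Null
    If IsValidTable(Table) = False Then Return Result
    Dim RS As ResultSet = SQL1.ExecQuery2( _
        $"SELECT `Value` FROM `${Table}` WHERE `Key` = ?"$, Array(Key))
    If RS.NextRow Then
        ' GetBlob returns the bytes exactly as written by Put.
        Result = Ser.ConvertBytesToObject(RS.GetBlob("Value"))
    End If
    RS.Close
    Return Result
End Sub
```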