[Dovecot] How to prevent SQL injection
David Nugent
davidn at datalinktech.com.au
Wed Jan 31 04:27:53 UTC 2007
On 30/01/2007, at 11:28 PM, Jakob Hirsch wrote:
> Quoting Timo Sirainen:
>
>> Last I checked MySQL library didn't support prepared statements at
>> all.
>> Maybe v5 finally does?
>
> mysql's C API does it since 4.1 (see
> http://dev.mysql.com/doc/refman/4.1/en/c-api-prepared-statements.html et
> sqq.). In theory, it should make things faster, but last time I checked
> (with 5.0, AFAIR), it didn't give any performance advantage (was even
> slightly slower), but that may heavily depend on the environment,
> flags etc.
Yes, it will be slower in many cases because MySQL prepared
statements don't use the query cache (but it depends on whether
queries would get any advantage from caching in the first place).
Regards,
David