[Dovecot] How to prevent SQL injection

David Nugent davidn at datalinktech.com.au
Wed Jan 31 04:27:53 UTC 2007


On 30/01/2007, at 11:28 PM, Jakob Hirsch wrote:

> Quoting Timo Sirainen:
>
>> Last I checked MySQL library didn't support prepared statements at all.
>> Maybe v5 finally does?
>
> mysql's C API does it since 4.1 (see
> http://dev.mysql.com/doc/refman/4.1/en/c-api-prepared-statements.html et
> sqq.). In theory, it should make things faster, but last time I checked
> (with 5.0, AFAIR), it didn't give any performance advantage (was even
> slightly slower), but that may heavily depend on the environment, flags etc.


Yes, it will be slower in many cases because MySQL prepared  
statements don't use the query cache (but it depends on whether  
queries would get any advantage from caching in the first place).

Regards,
David

