To run a text query, use any of the following functions:
- connection::query or connection::async_query, which execute the query and read the generated results.
- connection::start_query and connection::async_start_query, which initiate a text query as a multi-function operation.
Almost any query that may be issued in the mysql command line can be executed using this method. This includes SELECTs, UPDATEs, INSERTs, DELETEs, CREATE TABLEs... In particular, you may start transactions by issuing a START TRANSACTION, commit them using COMMIT and roll them back using ROLLBACK.
Boost.MySQL does not currently expose a way to use mysql_real_escape_string to sanitize user-provided input. This limits text queries to queries without parameters. Composing queries by hand can lead to SQL injection vulnerabilities. Please use prepared statements instead, which perform composition server-side in a safe way.
Warning: SQL injection warning: if you compose queries by concatenating strings without sanitization, your code is vulnerable to SQL injection attacks. Use prepared statements when possible!
You should generally prefer prepared statements over text queries. Text queries can be useful for simple, non-parametrized queries:
- "START TRANSACTION", "COMMIT" and "ROLLBACK" queries, for transactions.
- "SET NAMES utf8mb4" and similar, to set variables for encoding, time zones and similar configuration options.
- "CREATE TABLE ..." and similar DDL statements.
Avoid text queries involving user input.
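The following is an added example, not code from the Boost.MySQL documentation or library. It shows why the hand-composition warned about above is unsafe, what a prepared statement keeps separate (a fixed SQL template plus parameter values sent out of band, which is what "composition server-side" means), and a guard that accepts only the parameter-free statement forms listed above on the text-query path. The prepared_query struct, compose_by_hand, make_prepared and is_parameter_free_text_query are stand-ins written for this example; they are not library types or functions, and no database connection is involved.

```cpp
// Added example (not part of Boost.MySQL): hand-composed text query versus the
// template/parameter split that a prepared statement preserves.
// Assumptions: plain C++17, no database; prepared_query is a stand-in struct.
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <string>
#include <vector>

// Vulnerable pattern: caller text is spliced into the SQL. A quote in the
// input changes the statement structure, not just the value being compared.
std::string compose_by_hand(const std::string& last_name) {
    return "SELECT id FROM employee WHERE last_name = '" + last_name + "'";
}

// A correctly composed query above contains exactly two single quotes around
// the literal; any other count means the input escaped the literal.
std::size_t count_quotes(const std::string& sql) {
    return static_cast<std::size_t>(std::count(sql.begin(), sql.end(), '\''));
}

// What a prepared statement keeps apart: a fixed template with '?' placeholders
// and the bound values, which the server combines. The template does not vary
// with the input, so the input cannot alter the statement's structure.
struct prepared_query {
    std::string sql;                  // template, fixed when the statement is prepared
    std::vector<std::string> params;  // bound values, sent separately from the SQL
};

prepared_query make_prepared(const std::string& last_name) {
    return {"SELECT id FROM employee WHERE last_name = ?", {last_name}};
}

// Sanity check a caller would want: one bound value per placeholder.
bool placeholders_match(const prepared_query& q) {
    auto n = static_cast<std::size_t>(std::count(q.sql.begin(), q.sql.end(), '?'));
    return n == q.params.size();
}

// Guard for the text-query path: accept only the simple, parameter-free forms
// listed on the page (transaction control, SET, DDL) and reject anything that
// carries a string literal, since a literal is where user input would be spliced.
// Conservative by design: a DDL statement with a quoted default is rejected too.
bool is_parameter_free_text_query(const std::string& sql) {
    static const char* const allowed_prefixes[] = {
        "START TRANSACTION", "COMMIT", "ROLLBACK", "SET ", "CREATE TABLE "};
    std::string upper(sql.size(), '\0');
    std::transform(sql.begin(), sql.end(), upper.begin(),
                   [](unsigned char c) { return static_cast<char>(std::toupper(c)); });
    bool prefix_ok = false;
    for (const char* p : allowed_prefixes) {
        if (upper.rfind(p, 0) == 0) {  // starts_with
            prefix_ok = true;
            break;
        }
    }
    return prefix_ok && sql.find('\'') == std::string::npos;
}
```

The benign input "O'Brien" is enough to show the problem: compose_by_hand produces a query with three quotes, so the statement is no longer the one the developer wrote, while make_prepared returns the same template for every input. In real code the template and values go to the server through the library's prepared statement facilities rather than through a struct like this one; the guard is the kind of check to put in front of connection::query so that only the statement forms listed above reach it.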