MySQL中不建议使用程序吗? [英] Aren't procedures recommended in MySQL?

问题描述

我希望看到有关MySQL存储过程的一些很好的参考.大量的应用程序演示了基于查询的例程，而没有太多例程/过程.这是MySQL的标准吗?如果是这样的话，如何保护应用程序免受SQL注入攻击?

解决方案

如果MySQL支持参数化查询，那也是安全的.通常，建议始终使用proc的建议较少，因为在当今，它不一定具有速度优势.我仍然认为在很多时候使用procs是一个好主意，尤其是如果要将SQL放在与代码分开的数据层中，那么您可以轻松地对其进行更改并清理代码库.

我希望使用存储过程作为查询是一个好主意.因为普通查询很容易被攻击，因为它们可以用于sql注入；也需要更多的代码处理才能编写.
而且，如果以后对其进行升级或更改，则很容易更改.

mysql的一些存储过程示例示例是-
存储过程 [ MySQl存储过程 [ 解决方案

If MySQL supports paramaterized queries, that is also safe. In general, there''s less advice to always use procs, because it''s not necessarily a speed benefit, nowadays. I still think it''s a good idea a lot of the time to use procs, esp if you want to put the SQL in a data layer seperate from your code, so you can change it easily and clean your code base.

I wish its a good idea using stored procedures as a queries. as normal queries can be attacked easily as they can used for a sql injection; also it requires more code process to write it.
And its easy to change on later on if you upgrade it or change it.

some stored procedures sample example for mysql are-
stored procedure[^]
MySQl Stored Procedure[^]

这篇关于MySQL中不建议使用程序吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！