mysql-5.1

I saw some similar question, none about mysql... Is there any way to do a sql injection into a SP? How do I protect from this on the SP level? In other words, can the Query strucutre, inside a SP can be modified in any way by an incoming parameter? If I send to a stored procedure the parameter "1;DELETE FROM users;--" and the query is: select * from T where = @p SQL injection is, basically, adding extra code to the query. The attack itself occurs because the server parses the input data as SQL code and executes it accordingly. You cannot protect from it on the SP level, because when the

I am transitioning from SQL Server to MySQL 5.1 and seem to be tripped up trying to create a table using a select statement so that the column is a bit. Ideally the following would work: CREATE TABLE myNewTable AS SELECT cast(myIntThatIsZeroOrOne as bit) AS myBit FROM myOldtable However sql is very unhappy at casting as a bit. How can I tell it to select an int column (which I know only has 0s and 1s) as a bit? You cannot! CAST and CONVERT only work to: BINARY[(N)] CHAR[(N)] DATE DATETIME DECIMAL[(M[,D])] SIGNED [INTEGER] TIME UNSIGNED [INTEGER] No room for: BIT, BITINT, TINYINT, MEDIUMINT,