发表新帖
发表新帖

Variable column names using prepared statements

后端 未结
关注
7 745
不要未来只要你来
不要未来只要你来 2020-11-22 08:12

I was wondering if there was anyway to specify returned column names using prepared statements.

I am using MySQL and Java.

When I try it:

St
7条回答
  • 忘了有多久
    忘了有多久 (楼主)
    2020-11-22 08:56

    Prepare a whitelist of allowed column names. Use the 'query' to look up in the whitelist to see if the column name is there. If not, reject the query.

    0 讨论(0)
 看不清?
提交回复
热议问题