World: r3wp

cool ! :-)

I didn't made it before because I wanted to keep track of the download 
stats (usefull info to estimate the size and activity of the community), 
but it's no more necessary, the community seems to be stable since 
several years now.

I think many of us don't use rebol.org as much as we should.

As a script owner on REBOL.org you have access to up-to-the-minute 
access and download stats.

I see that rebol.org has improved a lot. Good work guys!

Is there a top 10 most downloaded scripts ? (could be usefull to 
newcomers)

There's a top 250 most popular scripts -- available if you are logged 
on:

http://www.rebol.org/cgi-bin/cgiwrap/rebol/script-popularity.r?top=250

The popularity rating is an imperfect attempt to factor out downloads 
by bots (and many other factors) and arrive at something meaningful.

wow glayout is in the top 10   :-)  I'm proud  :-)

[maybe we should switch to Library -- we're off-topic for MySQL]

Can I upload a ZIP archive or does it require to upload only a single 
REBOL script ?

{switching to Library to answer that]

great! Thanks Doc 8)

MySQL Driver for REBOL version 1.1.0 released.


    Changes : http://softinnov.org/rebol/mysql-usage.html#sect2.1.
    Download: http://rebol.softinnov.org/mysql/

I really like the new preferred method.  Thanks for adding that.

Me too. Should we add /prevent-sql-injection with send/sql?

*send-sql

The prepared statements mode should protect from SQL injection : 
send-sql db [ "...?..." argument ]

I've hesitated between 'send-sql and 'do-sql. I've used 'do-sql for 
the Cheyenne/RSP database API, so the driver had 'send-sql.

even if 'argument is a SQL query in its own?

the query (string!) will be properly quoted and escaped, so it should 
do no harm.

for example :

argument: "SQL injection code"
send-sql db [ "SELECT * FROM table WHERE field like ?" argument ]

will produce 

 SELECT * FROM table WHERE field like 'SQL injection code' 

if 'argument itself, contains quotes, they will be escaped.

As always, smarter than I thought. And it is amazing what level of 
abstraction one can provide with so few lines of REBOL

You remind me that I should add a few lines about secure programming 
practices in the driver documentation.

Doc, I would try to apply to be listed here - http://www.mysql.com/products/connector/

note that there are also community drivers mentioned ...

now you can:

node: first send-sql/named db {select * from `node` where id=1 LIMIT 
0,1}

what about this?

node: db-get 'node [] {id=1}

and this:

db-get 'node [id name data] [{id=?} 1]

will send a query like:

{SELECT `id`,`name`,`data` FROM `node` WHERE id='1' LIMIT 0,1}

quoted columns.. 8)

column names

not sure but with latest mysql-driver

this works:
send-sql db ["INSERT INTO `engine` (`id`,`style`) VALUES 
('12',?)" "ciao;oo"]
will send {INSERT INTO `engine` (`id`,`style`) 
VALUES ('12','ciao;oo')}

this doesn't:
send-sql db "INSERT INTO `engine` (`id`,`style`) VALUES 
('12','ciao;oo')"
will send:
{INSERT INTO `engine` (`id`,`style`) 
VALUES ('12','ciao}

it worked before the new multiple statements feature

Interesting case, you're right, it may confuse the multistatement 
processing, I'll make a fix for that asap.

Thank you Dock!

Hi Doc, When will you release the multi-statement fix ?

Hi Joe, I should have time tomorrow to make that fix.

Am I missing something wihen querying multiple columns... seems I 
get the results as a single string.. 
ie: send-sql "select a, b from table";

returns something like     "aresultbresult" ?

nevermind

Beta release v1.1.1 with a fix for the semicolon issue in SQL strings 
: http://softinnov.org/tmp/mysql-protocol.r

Please let me know if there are still issues with multi-statements 
parsing.

Thank you Dock!