Documentation seems outdated

Question

Documentation seems outdated

ds-gipe opened this issue a year ago · 3 comments

r"INSERT INTO payment (customer_id, amount, account_name) VALUES (:customer_id, :amount, :account_name)" .with(payments.iter().map(|payment| params! { "customer_id" => payment.customer_id, "amount" => payment.amount, "account_name" => payment.account_name.as_ref(), })) .batch(&mut conn) .await?;
Doesn't compile as str does not have a with method: method not found in &str

More importantly, there is no documentation on how to handle sql injection which seems to be a pretty important piece of any mysql driver.

ds-gipe commented a year ago

Thanks!

Answer 1 · 2023-10-25T20:08:11.000Z

Hi. Docs are ok - see the WithPatams trait. I believe it was mentioned by the compiler somewhere in your error message.

More importantly, there is no documentation on how to handle sql injection which seems to be a pretty important piece of any mysql driver.

Well.. Docs says "Prepared statements is the only way to pass rust value to the MySql server", in other words it is suggested to never use the text protocol for parametrized queries, everything else, I believe, is the developer's responsibility.

Answer 2 · 2023-10-25T20:14:41.000Z

Btw, almost all the docs examples are a part of a test suite, so it is asserted that everything is up to date, but note that imports are hidden for brevity. Please inspect the docstring source code to get the details.