[Haskell-cafe] Fwd: [Haskell-beginners] Database simple-mysql

Viktor Dukhovni ietf-dane at dukhovni.org
Wed Dec 5 15:51:53 UTC 2018

> why does this work:
> let name = "'A    20'"
> bd_rows <- query_ conn "select `N° BD` from sidonie.Coordonnées where
> Nom = 'A    20'"

The "Nom" equality constraint was the String:


> but not with this:
> bd_rows <- query conn "select `N° BD` from sidonie.Coordonnées where
> Nom = ?" (Only (name::String))

No additional quoting is required or appropriate with prepared statements.
The "Nom" constraint in this case was incorrectly:


This is not Haskell-specific.  The fact that prepared statement parameters
don't use or require quoting is an important safety feature (no SQL-injection
with prepared statements).  Every language that offers SQL bindings with
prepared statement support behaves this way.
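
The behaviour described in the message above, as an added example that is not part of the original e-mail. It assumes Python's built-in sqlite3 module as a stand-in for the MySQL binding, with a constructed table `coordonnees` and constructed rows; the function names are hypothetical.

```python
import sqlite3

def make_db():
    """In-memory table with constructed sample rows (sqlite3 stands in for MySQL)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE coordonnees (nom TEXT, n_bd INTEGER)")
    conn.executemany("INSERT INTO coordonnees VALUES (?, ?)",
                     [("A    20", 1), ("B    31", 2)])
    return conn

def lookup_bound(conn, name):
    """The parameter travels as data; it is never parsed as SQL text."""
    cur = conn.execute(
        "SELECT n_bd FROM coordonnees WHERE nom = ? ORDER BY n_bd", (name,))
    return [row[0] for row in cur.fetchall()]

def lookup_concatenated(conn, name):
    """Unsafe contrast: the value is spliced into the statement and parsed."""
    cur = conn.execute(
        "SELECT n_bd FROM coordonnees WHERE nom = '" + name + "' ORDER BY n_bd")
    return [row[0] for row in cur.fetchall()]

if __name__ == "__main__":
    conn = make_db()
    # Bare value: matches the stored name.
    print(lookup_bound(conn, "A    20"))
    # Value with extra quotes: the quotes are compared literally, so no match.
    print(lookup_bound(conn, "'A    20'"))
    # A value containing quote characters stays one opaque string when bound...
    crafted = "x' OR '1'='1"
    print(lookup_bound(conn, crafted))
    # ...but changes the WHERE clause when concatenated into the SQL text.
    print(lookup_concatenated(conn, crafted))
```
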

