[TxMt] Broken in r1405: Execute Line / Selection as Query: Only works for a line - not multi-line selection

Allan Odgaard throw-away-1 at macromates.com
Mon Jul 16 19:41:55 UTC 2007


On 16. Jul 2007, at 11:14, Jeremy Keen wrote:

> Shame. I NEED multi-line SQL Execution. I will be sticking with a
> previous version of TM then.
>
> I can't see how the issue of SQL injection matters though...

I am parroting Ciarán here, but the problem with injection is when a  
string is taken from the user and just inserted into a query. E.g.  
SELECT * FROM table WHERE text = "$string" -- here the user would  
ensure that $string starts with "; and if multi-line queries is  
supported, can basically do whatever SQL command he desires.

It seems rather brutal to just cut-off the ability to do multi-line  
queries in the MySQL API, but apparently that’s what they decided.

> Anyone got a work-around? Can I use the SQL bundle from a previous
> version in the latest version?

That should work, I think r7187 is the last revision prior to the  
change. So use the following command to checkout that bundle:

     svn co http://macromates.com/svn/Bundles/trunk/Bundles/ 
SQL.tmbundle at 7187

There’s a lot of people who do want the multi-line query  
functionality back, and I used it as well, so presumably a solution  
will be found, but for now there is the old bundle for those who want  
it now.




More information about the textmate mailing list