Help with Garage and sanitized strings...


CdAB63

Good evening,


I was trying to sanitize statements, but something went awkward. The following non-sanitized codelet works OK:

    str := 'INSERT INTO chaves_de_encriptacao (
                    numero_funcional,
                    chave_privada,
                    chave_publica) VALUES (''',
                    self personId leaId asString,''', ''',
                    self keyPair privateKey asAsn1DerBytes asByteArray hex,''', ''',
                    self keyPair publicKey asAsn1DerBytes asByteArray hex,''')'.

    [ dbConnection execute: str ] on: Exception do: [ ^ false ].


But sanitized one:

    str := dbConnection createStatement: 'INSERT INTO chaves_de_encriptacao (
                        numero_funcional,
                        chave_privada,
                        chave_publica) VALUES (''?'', ''?'', ''?'')'.

    str prepare.

    str at: 1 bind: self personId leaId asString.
    str at: 2 bind: self keyPair privateKey asAsn1DerBytes asByteArray hex.
    str at: 3 bind: self keyPair publicKey asAsn1DerBytes asByteArray hex.


    str execute.


returns exception mysqld_stmt_send_long_data (obviously the same thing happens with the shorthand):

    str := dbConnection prepare: ...

And I inspected most things but could not understand what's going wrong.

numero_funcional is INT(11)

chave_privada is VARBINARY(4096)

chave_publica is VARBINARY(4096)

Currently private and public keys are RSA 2048 keys (so, easily under the 4096 bytes available).

I wonder if the at: bind: considers that the parameter is a string ended by \0 or something like that (that would explain the error message).

As SQL is not my field, I wonder if someone could help to elucidate what's going on.



Best regards,


Casimiro Barreto
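
Added example (not part of the original post, and not Garage or MySQL code): in SQL a ? written inside quotes, as in the second snippet above, is a string literal rather than a parameter marker, so a statement written that way has no parameters to bind. The sketch below shows the difference using Python's built-in sqlite3 module as a stand-in engine (an assumption; the MySQL driver reports its own, different error), with a constructed table and constructed key bytes.

```python
import sqlite3

# Constructed table mirroring the post's column names (SQLite stand-in, not MySQL).
SCHEMA = ("CREATE TABLE chaves_de_encriptacao ("
          "numero_funcional INTEGER, chave_privada BLOB, chave_publica BLOB)")
COLS = "numero_funcional, chave_privada, chave_publica"
QUOTED = f"INSERT INTO chaves_de_encriptacao ({COLS}) VALUES ('?', '?', '?')"
BARE = f"INSERT INTO chaves_de_encriptacao ({COLS}) VALUES (?, ?, ?)"

# Constructed stand-ins for DER-encoded keys; note the embedded zero bytes.
PRIV = bytes.fromhex("308200010002")
PUB = bytes.fromhex("3082000a00ff")


def marker_count(sql):
    """Count the ? characters outside single-quoted SQL literals (comments not handled)."""
    count, in_literal = 0, False
    for ch in sql:
        if ch == "'":
            in_literal = not in_literal   # a doubled '' toggles twice: still inside
        elif ch == "?" and not in_literal:
            count += 1
    return count


def try_insert(sql, params=()):
    """Run one INSERT on a fresh in-memory database.

    Returns (stored_row, None) on success or (None, error_text) on failure.
    """
    db = sqlite3.connect(":memory:")
    try:
        db.execute(SCHEMA)
        try:
            db.execute(sql, params)
        except sqlite3.Error as exc:
            return None, f"{type(exc).__name__}: {exc}"
        row = db.execute(f"SELECT {COLS} FROM chaves_de_encriptacao").fetchone()
        return row, None
    finally:
        db.close()


if __name__ == "__main__":
    for label, sql, params in [("quoted, 3 binds", QUOTED, (1234, PRIV, PUB)),
                               ("quoted, no binds", QUOTED, ()),
                               ("bare, 3 binds", BARE, (1234, PRIV, PUB))]:
        print(label, marker_count(sql), try_insert(sql, params))
```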