Prepared statement support

I have an app written in C, and would like to use prepared statements to add documents to an index. However, Manticore says “unknown command”.

When I use “insert into table1 (id, title) values(1, 'aaa')”, then it succeeds.
Then I try the following prepared statement: “insert into table1 (id, title) values(?,?)”.

This happens on the wire:

T 127.0.0.1:52662 → 127.0.0.1:9306 [AP] #158
…INSERT INTO table1 (id, title) VALUES(?,?)

T 127.0.0.1:9306 → 127.0.0.1:52662 [AP] #159
"…#08S01unknown command (code=22)

So the question is how to add documents safely to an index? I assume I just can’t or at least shouldn’t blindly concatenate the SQL insert statement string as it contains untrusted input.

Manticore doesn’t support the part of the MySQL protocol that is responsible for prepared statements, so you have to prepare a full query on the app’s side, escaping the values properly.
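
One way to do the app-side escaping described in the answer above, as an added example that is not part of the original thread and not Manticore's own code. It assumes Manticore SQL string literals are single-quoted with backslash as the escape character and that input is UTF-8; `sql_quote` and `build_insert` are hypothetical helper names.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumption: string literals are single-quoted and backslash is the escape
   character, so only ' and \ need a leading backslash. Input is UTF-8. */
static int sql_quote(char *dst, size_t cap, const char *src, size_t len)
{
    size_t o = 0;
    if (cap < 3) return -1;                 /* need room for '' and NUL */
    dst[o++] = '\'';
    for (size_t i = 0; i < len; i++) {
        char c = src[i];
        if (c == '\0') return -1;           /* reject embedded NUL bytes */
        size_t need = (c == '\'' || c == '\\') ? 2 : 1;
        if (o + need + 2 > cap) return -1;  /* keep room for closing ' and NUL */
        if (need == 2) dst[o++] = '\\';
        dst[o++] = c;
    }
    dst[o++] = '\'';
    dst[o] = '\0';
    return (int)o;
}

/* id is formatted from a typed integer, never pasted in from a string */
static int build_insert(char *out, size_t cap, int64_t id, const char *title)
{
    int n = snprintf(out, cap, "INSERT INTO table1 (id, title) VALUES(%" PRId64 ",", id);
    if (n < 0 || (size_t)n >= cap) return -1;
    int q = sql_quote(out + n, cap - (size_t)n, title, strlen(title));
    if (q < 0 || (size_t)(n + q) + 2 > cap) return -1;
    out[n + q] = ')';
    out[n + q + 1] = '\0';
    return n + q + 1;
}

int main(void)
{
    char sql[256];
    const char *title = "it's a \\ test";   /* constructed untrusted input */
    if (build_insert(sql, sizeof sql, 1, title) < 0) return 1;
    puts(sql);
    return 0;
}
```

Send the buffer to the server only when `build_insert` returns a non-negative length; on `-1` the buffer may hold a partial statement and must be discarded.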

Thank you for the response. Any plans to support it in future Manticore releases?

It’s not in our nearest plans.