[ic] complex sql query in a scan link
Chen Naor [chen@lilux.co.il] wrote:
>
> Is it possible to make a complex sql query in a scan link? (I need to query
> from 2 different tables)
> for example:
> <a href="[area href=scan
> arg=|
> st=sql
> sq=select distinct products.* from products,prod_tech where
> products.sku=prod_tech.sku and products.category='BOGI' and
> (products.countries like '%ZZ%' or products.countries like 'E %') and
> prod_tech.tech1='big' order by products.sort
> sp=results_bo_p3
> ml=6
> |]">show</a>
>
> The query is working fine in pgsql.
>
No, it is not.
Instead, create a link like the following:
<a href="[area href=querypage form=|
category=whatever
anotherarg=something
foo=bar
|]">show</a>
Then create a "querypage.html" that includes a [query] tag and uses
the various URI arguments passed, such as [cgi category], in the
creation of its SQL query.
The scan's 'sq' parameter makes use of the SQL::Statement module,
which is not a full SQL parser and works on a pre-selected resultset.
If Interchange extracted arbitrary SQL statements from the URI and
passed them directly to your database server, the security of your
data would be at risk.
--
_/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
_/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
_/ _/ _/ _/ _/ _/ _/ _/_/ kevin@cursor.biz
_/ _/ _/_/_/_/ _/ _/_/_/ _/ _/
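
The design described in the reply, as an added example that is not part of the original post or of Interchange itself: the SQL text stays on the server and the link carries only named arguments, which are bound as values. Python and an in-memory SQLite database stand in for the querypage and the PostgreSQL server; the column layout, the sample rows and the function names are constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

# Fixed server-side statement (the join from the question). The URL never
# supplies SQL text, only the values bound to the named placeholders.
QUERY = """
SELECT DISTINCT products.sku, products.sort
FROM products JOIN prod_tech ON products.sku = prod_tech.sku
WHERE products.category = :category
  AND products.countries LIKE :countries ESCAPE '\\'
  AND prod_tech.tech1 = :tech1
ORDER BY products.sort
LIMIT :ml
"""
ALLOWED = {"category", "countries", "tech1"}  # arguments the page accepts

def make_db():
    """Constructed sample data standing in for the poster's two tables."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (sku TEXT, category TEXT, countries TEXT, sort INTEGER);
        CREATE TABLE prod_tech (sku TEXT, tech1 TEXT);
        INSERT INTO products VALUES ('A1','BOGI','ZZ US',2), ('A2','BOGI','ZZ',1),
                                    ('A3','OTHER','ZZ',3), ('A4','BOGI','FR',4);
        INSERT INTO prod_tech VALUES ('A1','big'), ('A2','big'),
                                     ('A3','big'), ('A4','big');
    """)
    return db

def query_page(db, query_string, ml=6):
    """Run the fixed query with only the allowed URL arguments bound as data."""
    parsed = parse_qs(query_string)
    args = {k: v[0] for k, v in parsed.items() if k in ALLOWED}  # drops e.g. sq=
    if set(args) != ALLOWED:
        raise ValueError("missing arguments")
    pattern = args["countries"]
    for ch in "\\%_":  # keep LIKE wildcards in user input literal
        pattern = pattern.replace(ch, "\\" + ch)
    args["countries"] = "%" + pattern + "%"
    args["ml"] = ml  # row limit is set by the page, not by the link
    return [row[0] for row in db.execute(QUERY, args)]

if __name__ == "__main__":
    print(query_page(make_db(), "category=BOGI&countries=ZZ&tech1=big"))
```
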