what about using a text filed instead of a string field and using Yaml to load it into a hash and pass off to the include?
Would that be a bit more secure since I doesn't use an eval? It still allows the end user some direct input into the sql but I'm already allowing that with the where clause part anyway. This is only meant to be used by an administrator and not the average user so I'm ok with some risks. Bob -- You received this message because you are subscribed to the Google Groups "Hobo Users" group. To view this discussion on the web visit https://groups.google.com/d/msg/hobousers/-/EfJzd3OeYpYJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/hobousers?hl=en.
