[Lift] Re: Mapper's BySql not "validated"?

Thu, 04 Dec 2008 06:46:15 -0800 

Another follow up on the SQL validation; OrderBySql needs the audit as well.
As a test, the following SQL fragment works in PostgreSQL:

val stmt = conn.createStatement()
stmt.executeQuery("select * from members order by userid; create table dummy
(id serial primary key);")

It throws an exception about multiple results being returned, but it still
creates the table.

Derek

On Wed, Dec 3, 2008 at 4:11 PM, David Pollak
<[EMAIL PROTECTED]>wrote:

>
>
> On Wed, Dec 3, 2008 at 3:09 PM, Derek Chen-Becker <[EMAIL PROTECTED]>wrote:
>
>> Another thing I noticed is that Mapper doesn't seem to support a DECIMAL
>> type, which is very useful in financial applications (among others). I'm
>> writing a custom one for both Mapper and Record in the book, would anyone be
>> interested in seeing those make it into the library? Besides the fields
>> themselves I can update the Driver classes to add a decimalColumnType def.
>
>
> Yes, please.
>
>
>>
>>
>> Derek
>>
>> On Wed, Dec 3, 2008 at 4:05 PM, David Pollak <
>> [EMAIL PROTECTED]> wrote:
>>
>>>
>>>
>>> On Wed, Dec 3, 2008 at 2:27 PM, Derek Chen-Becker <[EMAIL PROTECTED]
>>> > wrote:
>>>
>>>> I was just wondering why the BySql QueryParam doesn't require the
>>>> IHaveValidatedThisSql case class. Looking at the source it seems that it
>>>> could be just as vulnerable to some shenanigans, although admittedly I'm 
>>>> not
>>>> an expert on SQL injection attacks.
>>>
>>>
>>> It probably is.  I'll fix it.  Good to see your eyeballs and frontal
>>> lobes helping to clean the code!
>>>
>>>
>>>>
>>>>
>>>> Derek
>>>>
>>>>
>>>>
>>>
>>>
>>> --
>>> Lift, the simply functional web framework http://liftweb.net
>>> Collaborative Task Management http://much4.us
>>> Follow me: http://twitter.com/dpp
>>> Git some: http://github.com/dpp
>>>
>>>
>>>
>>
>>
>>
>
>
> --
> Lift, the simply functional web framework http://liftweb.net
> Collaborative Task Management http://much4.us
> Follow me: http://twitter.com/dpp
> Git some: http://github.com/dpp
>
> >
>

--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups 
"Lift" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at 
http://groups.google.com/group/liftweb?hl=en
-~----------~----~----~----~------~----~------~--~---

Reply via email to