On Thu, Dec 4, 2008 at 6:46 AM, Derek Chen-Becker <[EMAIL PROTECTED]> wrote:
> Another follow up on the SQL validation; OrderBySql needs the audit as
> well. As a test, the following SQL fragment works in PostgreSQL:
>
I added the validation to OrderBySql yesterday.
>
> val stmt = conn.createStatement()
> stmt.executeQuery("select * from members order by userid; create table dummy (id serial primary key);")
>
> It throws an exception about multiple results being returned, but it still
> creates the table.
>
> Derek
>
>
> On Wed, Dec 3, 2008 at 4:11 PM, David Pollak <
> [EMAIL PROTECTED]> wrote:
>
>>
>>
>> On Wed, Dec 3, 2008 at 3:09 PM, Derek Chen-Becker <[EMAIL PROTECTED]> wrote:
>>
>>> Another thing I noticed is that Mapper doesn't seem to support a DECIMAL
>>> type, which is very useful in financial applications (among others). I'm
>>> writing a custom one for both Mapper and Record in the book, would anyone be
>>> interested in seeing those make it into the library? Besides the fields
>>> themselves I can update the Driver classes to add a decimalColumnType def.
>>
>>
>> Yes, please.
>>
>>
>>>
>>>
>>> Derek
>>>
>>> On Wed, Dec 3, 2008 at 4:05 PM, David Pollak <
>>> [EMAIL PROTECTED]> wrote:
>>>
>>>>
>>>>
>>>> On Wed, Dec 3, 2008 at 2:27 PM, Derek Chen-Becker <
>>>> [EMAIL PROTECTED]> wrote:
>>>>
>>>>> I was just wondering why the BySql QueryParam doesn't require the
>>>>> IHaveValidatedThisSql case class. Looking at the source it seems that it
>>>>> could be just as vulnerable to some shenanigans, although admittedly I'm
>>>>> not an expert on SQL injection attacks.
>>>>
>>>>
>>>> It probably is. I'll fix it. Good to see your eyeballs and frontal
>>>> lobes helping to clean the code!
>>>>
>>>>
>>>>>
>>>>>
>>>>> Derek
>>>>>
>>>>>
>>>>>
>>>>
>>>>
>>>> --
>>>> Lift, the simply functional web framework http://liftweb.net
>>>> Collaborative Task Management http://much4.us
>>>> Follow me: http://twitter.com/dpp
>>>> Git some: http://github.com/dpp
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>
>>
>>
>>
>>
>
>
--
Lift, the simply functional web framework http://liftweb.net
Collaborative Task Management http://much4.us
Follow me: http://twitter.com/dpp
Git some: http://github.com/dpp
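
Added example (not part of the thread and not Lift's own code): one way to audit a caller-supplied ORDER BY fragment before it is concatenated into a statement, using the stacked-statement fragment quoted above as the rejected case. The `OrderByAudit` object and the `members` columns other than `userid` are assumptions made for illustration.

```scala
// Allowlist audit for an ORDER BY fragment. Sort columns cannot be bound as
// JDBC parameters, so the fragment is checked term by term instead.
object OrderByAudit {
  // Assumed sortable columns of the `members` table (only `userid` is from the thread).
  private val sortableColumns = Set("userid", "lastname", "created")
  private val directions = Set("ASC", "DESC")

  /** Returns Right(normalised fragment) or Left(reason for rejection). */
  def validate(fragment: String): Either[String, String] = {
    val terms = fragment.split(",", -1).toList.map(_.trim)
    val checked: List[Either[String, String]] = terms.map { term =>
      term.split("\\s+").toList match {
        case col :: Nil if sortableColumns(col.toLowerCase) =>
          Right(col.toLowerCase)
        case col :: dir :: Nil
            if sortableColumns(col.toLowerCase) && directions(dir.toUpperCase) =>
          Right(col.toLowerCase + " " + dir.toUpperCase)
        // Anything else (extra tokens, ';', unknown column, empty term) is refused.
        case _ => Left("rejected ORDER BY term: '" + term + "'")
      }
    }
    checked.collectFirst { case Left(reason) => reason } match {
      case Some(reason) => Left(reason)
      case None         => Right(checked.collect { case Right(t) => t }.mkString(", "))
    }
  }

  def main(args: Array[String]): Unit = {
    // Constructed inputs; the last one is the fragment quoted in the thread.
    val samples = List(
      "userid",
      "lastname desc, userid",
      "userid; create table dummy (id serial primary key);"
    )
    samples.foreach { s =>
      validate(s) match {
        case Right(ok)    => println("select * from members order by " + ok)
        case Left(reason) => println(reason)
      }
    }
  }
}
```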