Re: [AOLSERVER] Is this vulnerable to sql injection?

2009-12-07 Thread Björn Þór Jónsson
Thanks all for the feedback! The :id syntax doesn't work for me in this case (plain ADP pages in AOLserver) and I guess that is OpenACS specific (I run one such instance). But [ns_dbquotevalue $id] works fine - so I should be pretty safe with that? For the record: I'm running PostgreSQL 8.1.4

Re: [AOLSERVER] Is this vulnerable to sql injection?

2009-12-07 Thread Dossy Shiobara
On 12/7/09 9:52 AM, Björn Þór Jónsson wrote:
> But [ns_dbquotevalue $id] works fine - so I should be pretty safe with that?

You will be safe in that user-supplied input contained in $id will not be able to result in a SQL injection attack.

-- Dossy Shiobara | do...@panoptic.com |
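To make the exchange above concrete, here is an added example (not code from the thread or from AOLserver itself) that runs under plain tclsh. `quote_value` is a stand-in for `ns_dbquotevalue`; the semantics it mirrors (empty string becomes `NULL`, numeric types are returned unquoted, everything else is single-quoted with embedded quotes doubled) are my reading of the AOLserver documentation, so treat that mapping as an assumption. The `items` table and the `query_*` procs are constructed for illustration.

```tcl
# Stand-in for ns_dbquotevalue (assumption: mirrors AOLserver's behaviour).
# value ""  -> NULL
# numeric type -> returned unquoted, exactly as given
# anything else -> 'value' with every ' doubled to ''
proc quote_value {value {type text}} {
    if {$value eq ""} {
        return "NULL"
    }
    switch -- $type {
        decimal - double - integer - int - real - smallint -
        bigint - bit - float - numeric - tinyint { return $value }
        default { return "'[string map {' ''} $value]'" }
    }
}

# Pattern the original poster asked about: raw interpolation of request data.
# Whatever is in $id becomes part of the SQL text itself.
proc query_raw {id} {
    return "select * from items where id = $id"
}

# Pattern suggested in the thread: quote the value before interpolating it.
# A stray quote in $id is doubled, so the input stays a string literal.
proc query_quoted {id} {
    return "select * from items where id = [quote_value $id]"
}

# Caveat for integer columns: with a numeric type the value is returned
# unquoted and unvalidated, so check its shape first.
proc query_int {id} {
    if {![string is integer -strict $id]} {
        error "id must be an integer, got: $id"
    }
    return "select * from items where id = [quote_value $id integer]"
}

# Constructed inputs to show the difference.
puts [query_raw    "5'"]   ;# ... where id = 5'      (quote lands in the SQL)
puts [query_quoted "5'"]   ;# ... where id = '5'''   (quote escaped, literal)
puts [query_quoted ""]     ;# ... where id = NULL    (empty string caveat)
puts [query_int    42]     ;# ... where id = 42
```

Note the third case: an empty `$id` becomes `id = NULL`, which matches no rows rather than raising an error, and it is this empty-string-versus-NULL mapping that the later messages in the thread argue about.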

Re: [AOLSERVER] Is this vulnerable to sql injection?

2009-12-07 Thread Tom Jackson
On Sun, Dec 6, 2009 at 9:27 PM, Don Baccus dhog...@pacifier.com wrote:
> Just go away until you 1) understand the SQL standard and 2) Oracle.

Don! I am not the author of a database driver which cannot distinguish the empty string and NULL, a driver for a database which can make the distinction.