++ certainly. I just thought I'd give a little prod in the right direction.. 8)
On Mon, Jan 16, 2012 at 9:06 AM, Bill Moseley <[email protected]> wrote:
>
> On Mon, Jan 16, 2012 at 1:58 AM, <[email protected]> wrote:
>
>> Passing variables into [% ... %] is an ongoing problem for me.
>>
>> A key one is
>>
>> [% pagecode = data.page_name %] *picked up from the url*
>> [% sitename = data.sitename %]
>> [% FOREACH link = DBI.query("SELECT * FROM page_tb
>> WHERE (status = 2 AND
>> page_code = "$pagecode" AND
>>
>
> I'd be more worried about SQL injection attacks.
>
> Move that code out of the Template and into a module, and always use bind
> parameters.
>
> --
> Bill Moseley
> [email protected]
>
> _______________________________________________
> templates mailing list
> [email protected]
> http://mail.template-toolkit.org/mailman/listinfo/templates
>
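An added example (not code from the thread or from Template Toolkit) of what Bill's advice looks like in practice: the query from the template, built by string interpolation, next to the same query written with a DBI bind parameter, run against a constructed in-memory SQLite table that stands in for page_tb. It assumes DBI and DBD::SQLite are installed; the column names, rows, the function names links_interpolated and links_bound, and the hostile input are all made up for the demonstration. The vulnerable query uses single quotes so that it runs on SQLite; MySQL treats the template's double quotes as string delimiters in the same way.

```perl
#!/usr/bin/env perl
# Added example, not from the thread: interpolated query vs. bind parameter.
# Assumes DBI and DBD::SQLite; table, rows and hostile input are constructed.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Stand-in for page_tb: two published pages (status 2) and one unpublished (status 1).
$dbh->do(q{CREATE TABLE page_tb (page_code TEXT, sitename TEXT, status INTEGER, title TEXT)});
my $ins = $dbh->prepare(
    q{INSERT INTO page_tb (page_code, sitename, status, title) VALUES (?, ?, ?, ?)});
$ins->execute('home',  'example', 2, 'Public home');
$ins->execute('about', 'example', 2, 'Public about');
$ins->execute('admin', 'example', 1, 'Unpublished admin page');  # must never be listed

# Vulnerable: the URL-supplied page code is pasted into the SQL text, which is
# what  [% DBI.query("... page_code = "$pagecode" ...") %]  does in the template.
sub links_interpolated {
    my ($pagecode) = @_;
    my $sql = "SELECT title FROM page_tb WHERE status = 2 AND page_code = '$pagecode'";
    return $dbh->selectcol_arrayref($sql);
}

# Hardened: a placeholder in the statement, the value passed as a bind parameter.
# DBI hands the value to the driver separately from the SQL, so no input can
# change the shape of the WHERE clause. This is the code that belongs in a
# module; the template should only receive the finished list.
sub links_bound {
    my ($pagecode) = @_;
    my $sql = 'SELECT title FROM page_tb WHERE status = 2 AND page_code = ?';
    return $dbh->selectcol_arrayref($sql, undef, $pagecode);
}

# Constructed hostile value of the kind a URL parameter can carry.
my $hostile = "x' OR '1'='1";

my $bad  = links_interpolated($hostile);
my $good = links_bound($hostile);
my $ok   = links_bound('home');

# With interpolation the clause becomes
#   status = 2 AND page_code = 'x' OR '1'='1'
# and every row comes back, the unpublished page included.
print "interpolated: ", join(', ', @$bad), "\n";
# With a bind parameter the value is compared as one literal string: no rows.
print "bound:        ", (@$good ? join(', ', @$good) : '(no rows)'), "\n";
# A legitimate page code still works as before.
print "bound(home):  ", join(', ', @$ok), "\n";

# Template side once the module does the query: the template only renders.
#   [% FOREACH link IN links %]<a href="[% link.url %]">[% link.title %]</a>[% END %]
```

The same split applies whatever database sits behind it: keep SQL text and user data on separate paths by always going through placeholders, and have the controller put the result list into the stash rather than letting the template talk to DBI at all.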
