On Mon, Feb 23, 2009 at 11:54 PM, Craig Ringer <craig@xxxxxxxxxxxxxxxxxxxxx> wrote: > 野村 wrote: >> Hello all. >> >> My javascript connects with postgres using php. >> php responds with XML for my select request. >> I wonder is there any way to access to postgres directly? > > Nothing stops you passing SQL snippets from JavaScript into your PHP > code, which then dispatches then to the server and returns the results. > > This is a really, really, REALLY bad idea. It allows anybody with the > ability to access your XML-RPC interface for PHP (say via XMLHttpRequest > in their browser) to send whatever SQL code they want to your server. Note however that there is such a beast as server side javascript. http://en.wikipedia.org/wiki/Server-side_JavaScript -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
