Re: Posgres Adding braces at beginning and end of text (html) content

In response to linnewbie :
> I am using tcl ( ncgi and tclobdc ) so it is more like the excerpts
> below:
> 
> ie I input:
> 
> <h1>Hello World </h1>
> 
> <p>xyz <p/>
> .........
> 
> into the text area field, save:
> 
> set page_content  [ ncgi::value  textarea_field_name]
> 
> database connect dbh $datasource $dbuser $dbpassword
> 
> set sql "INSERT INTO profile (page_content) \
>         VALUES('$page_content') "

That is a security hole for SQL injection.


Andreas
-- 
Andreas Kretschmer
Contact:  Heynitz: 035242/47150,   D1: 0160/7141639 (more: -> header)
GnuPG-ID:   0x3FFF606C, private 0x7F4584DA   http://wwwkeys.de.pgp.net
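The reply above states the problem without showing the fix. Below is an added example, not code from either poster, that puts the quoted INSERT beside a parameterized version using the tclodbc `statement`/`execute` interface. The variable names `$datasource`, `$dbuser`, `$dbpassword` and the field name `textarea_field_name` are taken from the quoted message; the call to `ncgi::parse`, the optional type list and the `insert_profile` statement name are assumptions of this example, not something the thread shows.

```tcl
package require ncgi
package require tclodbc

# Read the submitted form (ncgi::parse must run before ncgi::value).
ncgi::parse
set page_content [ncgi::value textarea_field_name]

# $datasource, $dbuser and $dbpassword come from the CGI environment,
# as in the original message; their values are not shown here.
database connect dbh $datasource $dbuser $dbpassword

# --- Vulnerable form (quoted from the thread) -----------------------------
# The user's text is spliced into the SQL source. An apostrophe in the
# content, e.g. "<p>It's here</p>", ends the string literal early and
# everything after it is parsed as SQL, so the query fails or does
# something other than a plain insert.
set sql "INSERT INTO profile (page_content) \
        VALUES('$page_content') "
# dbh run $sql   ;# deliberately not executed here

# --- Fixed form: bind the value as a parameter ----------------------------
# The SQL text is fixed and contains only the placeholder "?". The content
# travels to the server as data, so quotes, backslashes and HTML in it are
# stored verbatim and never interpreted as SQL.
dbh statement insert_profile \
    "INSERT INTO profile (page_content) VALUES (?)"
insert_profile execute [list $page_content]
insert_profile drop

dbh disconnect
```

The important property is that the statement text is a constant and the content is passed in the argument list of `execute`; no quoting or escaping of `$page_content` in Tcl is needed, and none should be attempted as a substitute. If the statement is reused in a loop, keep the one prepared `insert_profile` handle and call `execute` per row rather than preparing it again each time.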
