In response to linnewbie :
> I am using tcl ( ncgi and tclobdc ) so it is more like the excerpts
> below:
>
> ie I input:
>
> <h1>Hello World </h1>
>
> <p>xyz <p/>
> .........
>
> into the text area field, save:
>
> set page_content [ ncgi::value textarea_field_name]
>
> database connect dbh $datasource $dbuser $dbpassword
>
> set sql "INSERT INTO profile (page_content) \
> VALUES('$page_content') "
That is a security hole for sql-injection.
Andreas
--
Andreas Kretschmer
Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header)
GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net
--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
