Re: update phenomenom

Hi Ian,

well, I by now believe that it has got to be a human error
(hum, well actually MY error)

However, I would like to reproduce the error, so I can
understand what I can do against it.

So, even if it's slightly off topic for pgsql-general, maybe
someone knows , how it was possible to trick out the
DBD::Pg using

$sth=$db->prepare($command);
$sth->execute();

I did not succeed in passing two statements to the
prepare-command. Neither using "commit;" nor using
"--" as a seperator.

But from the result I got, there must have been
a way to do it.

Any hints?

--

Mit freundlichem Gruß

Henrik Steffen
Geschäftsführer

top concepts Internetmarketing GmbH
Am Steinkamp 7 - D-21684 Stade - Germany
--------------------------------------------------------
http://www.topconcepts.com Tel. +49 4141 991230
mail: steffen(at)topconcepts(dot)com Fax. +49 4141 991233
--------------------------------------------------------
24h-Support Hotline: +49 1908 34697 (EUR 1.86/Min,topc)
--------------------------------------------------------
Ihr SMS-Gateway: JETZT NEU unter: http://sms.city-map.de
System-Partner gesucht: http://www.franchise.city-map.de
--------------------------------------------------------
Handelsregister: AG Stade HRB 5811 - UstId: DE 213645563
--------------------------------------------------------

----- Original Message -----
From: "Ian Barwick" <barwick(at)gmx(dot)net>
To: "Henrik Steffen" <steffen(at)city-map(dot)de>
Cc: "pgsql" <pgsql-general(at)postgresql(dot)org>
Sent: Saturday, June 07, 2003 7:34 PM
Subject: Re: [GENERAL] update phenomenom

> On Saturday 07 June 2003 17:46, Henrik Steffen wrote:
>
> (in answer to my queries):
> > > What exactly does the function SQL() do? Is it possible that the
script
> > > could receive input along these lines?
> > > SQL("UPDATE table SET manio='071002'; WHERE
kundennummer='071002883';")
>
> > sub SQL {
> > my $command=shift;
> > ...
> > $sth=$db->prepare($command);
> > $sth->execute();
> > ...
> > }
>
> > > Any idea what version the server is running?
>
> > running latest postgresql 7.3.3
>
> Well, SQL() looks fine to me [*]; I would look at the path the query takes
> from the web interface to the backend and whether the possibility of human
> error (e.g. a semicolon in the wrong place not being detected) can be
> definitively ruled out before looking for bugs in the server.
>
> [*] but you might want to consider using placeholders and bind values.
>
>
> Ian Barwick
> barwick(at)gmx(dot)net
>