Re: Posgres Adding braces at beginning and end of text (html) content

From: "A(dot) Kretschmer" <andreas(dot)kretschmer(at)schollglas(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Posgres Adding braces at beginning and end of text (html) content
Date: 2009-04-02 14:01:18
Message-ID: 20090402140118.GB25806@a-kretschmer.de
Lists: pgsql-general

In response to linnewbie :
> I am using tcl ( ncgi and tclodbc ) so it is more like the excerpts
> below:
>
> i.e. I input:
>
> <h1>Hello World </h1>
>
> <p>xyz <p/>
> .........
>
> into the text area field, save:
>
> set page_content [ ncgi::value textarea_field_name]
>
> database connect dbh $datasource $dbuser $dbpassword
>
> set sql "INSERT INTO profile (page_content) \
> VALUES('$page_content') "

That is a security hole for SQL injection.

Andreas
--
Andreas Kretschmer
Kontakt: Heynitz: 035242/47150, D1: 0160/7141639 (mehr: -> Header)
GnuPG-ID: 0x3FFF606C, privat 0x7F4584DA http://wwwkeys.de.pgp.net
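The interpolated INSERT from the quoted post beside a parameterised version, as an added example that is not part of the thread. It assumes the tclodbc `statement`/`run` calling convention shown in the comments (check it against your tclodbc version); the sample page content is constructed.

```tcl
# Added example (not from the original thread). Shows why the quoted INSERT
# is injectable and how to send the value as a bound parameter instead.
# Assumption: the tclodbc "statement ... run" syntax is from memory; verify
# it against the tclodbc documentation for your installed version.
package require tclodbc

# Vulnerable: Tcl substitutes $page_content straight into the SQL text, so a
# single quote inside the page content ends the string literal early and
# whatever follows it is parsed as SQL by the server.
proc build_insert_unsafe {page_content} {
    return "INSERT INTO profile (page_content) VALUES('$page_content')"
}

# Hardened: the SQL text contains only a ? placeholder; the value travels
# separately through the driver and is never parsed as part of the statement.
# $dbh is a handle opened with: database connect dbh $datasource $dbuser $dbpassword
proc insert_page_safe {dbh page_content} {
    $dbh statement ins "INSERT INTO profile (page_content) VALUES (?)" {VARCHAR}
    ins run [list $page_content]
    ins drop
}

# Constructed input: ordinary HTML containing an apostrophe, the kind of text
# a user legitimately types into the textarea. No attack is needed to break
# the unsafe form; the apostrophe in "it's" alone terminates the literal.
set content "<h1>Hello World</h1>\n<p>it's xyz</p>"
puts "unsafe statement text: [build_insert_unsafe $content]"

# With a live connection the safe path stores the content verbatim:
#   database connect dbh $datasource $dbuser $dbpassword
#   insert_page_safe dbh $content
#   dbh disconnect
```

If the application keeps string building anywhere, the defensive check is to grep the code for SQL text containing `'$` and replace each occurrence with a placeholder, since escaping by hand is easy to get wrong and differs between drivers.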
