| From: | Tino Wildenhain <tino(at)wildenhain(dot)de> |
|---|---|
| To: | "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com> |
| Cc: | Nathaniel Price <nprice(at)tesseract(dot)net>, pgsql-php(at)postgresql(dot)org |
| Subject: | Re: [GENERAL] Reordering results for a report |
| Date: | 2003-12-15 09:02:18 |
| Message-ID: | 3FDD789A.7060201@wildenhain.de |
| Lists: | pgsql-general pgsql-php |
Hi Scott,
scott.marlowe wrote:
[...]
>
> print "<url goes here...>?orderby=".$flds[$i]."moreurlstuffhere???";
>
> Then, if the orderby is set when you build your query, just append it:
>
> if (isset($orderby)){
> $query.= "order by ".$orderby;
> }
>
> Add some directional control:
>
> if (isset($dir)){
> if ($dir=="down") $query.=" DESC";
> }
>
[...]
This leads to a nice SQL-injection possibility.
At least it has to be made sure that no illegal
data can be transported via $orderby.
Regards
Tino
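
One way to make sure only legal data reaches the ORDER BY clause, as an added example that is not part of the original message or thread: the requested column is matched against the same $flds list used to print the links, and the direction is reduced to a fixed keyword. The function name build_report_query, the table name report and the contents of $flds are assumptions made for illustration.

```php
<?php
// Added example; build_report_query, the table "report" and the column
// names are hypothetical. $flds is assumed to be defined in code, never
// taken from the request.

/**
 * Build the report query, accepting ORDER BY input only if it exactly
 * matches a column in the allowlist. Identifiers cannot be bound as
 * query parameters, so the request value itself is never concatenated.
 */
function build_report_query(array $flds, ?string $orderby, ?string $dir): string
{
    $query = 'SELECT ' . implode(', ', $flds) . ' FROM report';

    // Strict search: only an exact string match against a known column passes.
    $idx = ($orderby === null) ? false : array_search($orderby, $flds, true);
    if ($idx !== false) {
        // Append the allowlist's own string, not the value from the URL.
        $query .= ' ORDER BY ' . $flds[$idx];
        // Direction is mapped to one of two fixed keywords.
        $query .= ($dir === 'down') ? ' DESC' : ' ASC';
    }
    return $query;
}

// Constructed sample inputs, standing in for $_GET['orderby'] and $_GET['dir'].
$flds = ['id', 'customer', 'total'];
$samples = [
    ['total', 'down'],             // known column, descending
    ['customer', null],            // known column, default direction
    ['total; SELECT 1', 'down'],   // not a known column: ordering is dropped
    [null, 'down'],                // no ordering requested
];

foreach ($samples as [$orderby, $dir]) {
    echo build_report_query($flds, $orderby, $dir), "\n";
}
```

Values that are not identifiers (for example a WHERE filter) should still go through query parameters rather than an allowlist.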