| From: | Matteo Beccati <php(at)beccati(dot)com> |
|---|---|
| To: | Robert Paulsen <robert(at)paulsenonline(dot)net> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: PHP and PostgreSQL question on identifier limits. |
| Date: | 2004-08-15 23:58:10 |
| Message-ID: | 411FF892.2030007@beccati.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Hi,
> $_GET['sort'] && $_SESSION['sort']=$_GET['sort'];
> $sort=$_SESSION['sort'];
> $sort || $sort="field1";
First of all I don't feel very comfortable with this exotic syntax, but
this is not the right place to discuss about it ;)
> $query="SELECT
> field1 AS \"<a href=$PHP_SELF?sort=field1>field1</a>\",
> field2 AS \"<a href=$PHP_SELF?sort=field2>field2</a>\",
> field3 AS \"<a href=$PHP_SELF?sort=userid>field3</a>\"
> FROM my_table ORDER BY $sort";
>
> $tbl=new Table($query);
> $tbl->print();
Is there a good reason why you don't add hyperlinks inside your Table
class, instead than using column names for such a purpose?
P.S.
Handling column sorting like you're doing is a big security risk! I hope
you are doing some more checks on $sort, otherwise SQL injection attacks
would be very easy to do.
Best regards
--
Matteo Beccati
http://phpadsnew.com/
http://phppgads.com/
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Paulsen | 2004-08-16 00:22:52 | Re: PHP and PostgreSQL question on identifier limits. |
| Previous Message | Mike Mascari | 2004-08-15 23:23:40 | Re: PHP Postgre-MySql call redirector |