| From: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
|---|---|
| To: | Craig Ringer <craig(at)postnewspapers(dot)com(dot)au> |
| Cc: | 野村 <nomura(at)ir-alt(dot)co(dot)jp>, pgsql-general(at)postgresql(dot)org |
| Subject: | Re: javascript and postgres |
| Date: | 2009-02-24 07:06:48 |
| Message-ID: | dcc563d10902232306y3a72e5ddja2e6c96f1080e13@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, Feb 23, 2009 at 11:54 PM, Craig Ringer
<craig(at)postnewspapers(dot)com(dot)au> wrote:
> 野村 wrote:
>> Hello all.
>>
>> My javascript connects with postgres using php.
>> php responds with XML for my select request.
>> I wonder is there any way to access to postgres directly?
>
> Nothing stops you passing SQL snippets from JavaScript into your PHP
> code, which then dispatches then to the server and returns the results.
>
> This is a really, really, REALLY bad idea. It allows anybody with the
> ability to access your XML-RPC interface for PHP (say via XMLHttpRequest
> in their browser) to send whatever SQL code they want to your server.
Note however that there is such a beast as server side javascript.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Mike Ivanov | 2009-02-24 07:21:16 | Re: Poor select count(*) performance |
| Previous Message | John R Pierce | 2009-02-24 06:54:27 | Re: javascript and postgres |