cocoon-users mailing list archives

From Ugo Cei <>
Subject Re: SQL Transformer - how to prevent injecting?
Date Fri, 12 Nov 2004 20:03:00 GMT
On 12 Nov 04, at 17:58, Ilya Vyatkin wrote:

> As I see using <esql:parameter> needs stored procedure support.. but we
> haven't it there.

No, it doesn't, unless I'm horribly mistaken. It's been a while since I 
last used ESQL, but I can recall from memory that I used to do:

   select * from tab where id = 

which causes the logicsheet to use a PreparedStatement and bind 
parameters instead of literals.


Ugo Cei -
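
What binding a parameter instead of a literal changes, as an added example that is not part of the original message: Python's `sqlite3` placeholders stand in here for the JDBC PreparedStatement the logicsheet uses. Only the table `tab` and the `id` column come from the message; the sample rows, the `name` column and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the table in the message (constructed rows)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table tab (id integer, name text)")
    conn.executemany(
        "insert into tab values (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    return conn


def query_literal(conn, raw_id):
    """Request value spliced into the statement text, so it is parsed as SQL."""
    return conn.execute("select * from tab where id = " + raw_id).fetchall()


def query_bound(conn, raw_id):
    """Request value bound to a placeholder, so it is only ever compared as data."""
    return conn.execute("select * from tab where id = ?", (raw_id,)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # Constructed request values: a normal id and one carrying extra SQL.
    for value in ("2", "1 or 1=1"):
        print(repr(value))
        print("  literal:", query_literal(conn, value))
        print("  bound:  ", query_bound(conn, value))
```

With the literal form the second value rewrites the WHERE clause and every row comes back; with the bound form the same string is compared to `id` as a single value and matches nothing. No stored procedure is involved in either case.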
