cocoon-users mailing list archives

From Torsten Curdt <tcu...@apache.org>
Subject Re: Prepared query with ESQL?
Date Wed, 21 Feb 2007 10:55:51 GMT

On 21.02.2007, at 11:43, Gajo Csaba wrote:

> Hello,
>
> Is there a way for me to execute a prepared SQL statement? For  
> example, something like:
>
> <esql:query>UPDATE User SET display_name=? WHERE ID=?</esql:query>
>
> It would be quite a security risk if I just used the user-submitted  
> data instead of the ? here. Any way to do this?

ESQL always uses prepared statements (also because of that).
Have a look at <esql:parameter> (IIRC - boy it has been a while)

cheers
--
Torsten
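As an added illustration of the `<esql:parameter>` approach Torsten points to (this is example markup written for this archive page, not code from the thread or from the Cocoon project), here is how the UPDATE from the question would look in an ESQL logicsheet fragment. The request parameter names `display_name` and `id`, the pool name `userdb`, and the namespace URIs are assumptions recalled from the Cocoon 2.1 ESQL documentation and are not confirmed by the page. The point it shows is that the user-supplied values never become part of the SQL text: each `<esql:parameter>` is compiled to a JDBC `PreparedStatement` bind variable, so a value containing quotes or SQL fragments is sent as data, not parsed as part of the statement.

```xml
<?xml version="1.0"?>
<!-- Example XSP page; namespace URIs assumed from the Cocoon 2.1 ESQL docs -->
<xsp:page xmlns:xsp="http://apache.org/xsp"
          xmlns:xsp-request="http://apache.org/xsp/request/2.0"
          xmlns:esql="http://apache.org/cocoon/SQL/v2">
  <result>
    <esql:connection>
      <!-- "userdb" is an assumed pool name defined in cocoon.xconf -->
      <esql:pool>userdb</esql:pool>
      <esql:execute-query>
        <esql:query>
          UPDATE User SET display_name =
          <!-- string parameter: bound with setString(), never concatenated -->
          <esql:parameter>
            <xsp-request:get-parameter name="display_name"/>
          </esql:parameter>
          WHERE ID =
          <!-- typed parameter: bound with setInt(), so a non-numeric id fails
               at bind time instead of reaching the database as SQL text -->
          <esql:parameter type="int">
            <xsp-request:get-parameter name="id"/>
          </esql:parameter>
        </esql:query>
        <esql:update-results>
          <!-- number of rows affected, for the caller to check -->
          <rows-updated><esql:get-update-count/></rows-updated>
        </esql:update-results>
        <esql:error-results>
          <error><esql:get-message/></error>
        </esql:error-results>
      </esql:execute-query>
    </esql:connection>
  </result>
</xsp:page>
```

The contrast with the risky alternative is worth stating: writing `WHERE ID = <xsp-request:get-parameter name="id"/>` directly inside `<esql:query>` splices the request value into the SQL string before it is prepared, which is exactly the injection exposure the question is worried about. Wrapping the value in `<esql:parameter>` is what turns it into a `?` placeholder.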

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@cocoon.apache.org
For additional commands, e-mail: users-help@cocoon.apache.org

