From: Torsten Curdt
Subject: Re: Prepared query with ESQL?
Date: Wed, 21 Feb 2007 11:55:51 +0100
To: users@cocoon.apache.org

On 21.02.2007, at 11:43, Gajo Csaba wrote:

> Hello,
>
> Is there a way for me to execute a prepared SQL statement? For
> example, something like:
>
> UPDATE User SET display_name=? WHERE ID=?
>
> It would be quite a security risk if I just used the user-submitted
> data instead of the ? here. Any way to do this?

ESQL always uses prepared statements (also because of that).

Have a look at (IIRC - boy it has been a while)

cheers
--
Torsten
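The risk raised in the question, shown next to the bound-parameter form of the same UPDATE. This is an added example, not part of the original thread: it uses Python's sqlite3 module rather than ESQL, and the helper names, sample rows and sample inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the query in the post.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE User (ID INTEGER PRIMARY KEY, display_name TEXT)")
    db.executemany("INSERT INTO User VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return db

def names(db):
    return [row[0] for row in db.execute("SELECT display_name FROM User ORDER BY ID")]

def rename_concat(db, user_id, name):
    # Before: the submitted text is pasted into the statement, so a quote
    # character in it is parsed as SQL syntax instead of as data.
    sql = "UPDATE User SET display_name='" + name + "' WHERE ID=" + str(int(user_id))
    return db.execute(sql).rowcount

def rename_bound(db, user_id, name):
    # After: the statement text is fixed; the values are bound to the two
    # ? placeholders and never reach the SQL parser.
    cur = db.execute("UPDATE User SET display_name=? WHERE ID=?", (name, user_id))
    return cur.rowcount

def compare(name, user_id=2):
    """Run the same rename both ways on fresh databases.

    Returns {"concat": (rows changed or error name, all display names),
             "bound":  (rows changed or error name, all display names)}.
    """
    results = {}
    for label, rename in (("concat", rename_concat), ("bound", rename_bound)):
        db = make_db()
        try:
            changed = rename(db, user_id, name)
        except sqlite3.Error as exc:
            changed = type(exc).__name__  # statement rejected by the parser
        results[label] = (changed, names(db))
        db.close()
    return results

if __name__ == "__main__":
    # Constructed inputs: an ordinary surname with an apostrophe, and a value
    # whose quote ends the string literal early.
    for sample in ("O'Brien", "x' --"):
        print(repr(sample), compare(sample))
```

With the bound form, both inputs change exactly one row and are stored verbatim; with concatenation the first input breaks the statement and the second changes every row.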