Database error?

J. Landman Gay jacque at hyperactivesw.com
Fri Apr 10 21:52:11 EDT 2015


I freeze up with this stuff, just like I do with math. But...but...won't 
an intruder be likely to send their own queries, regardless of how the 
app is doing it? If they include raw values, the database will still 
respond, right? So why would it matter how the app is doing it?

On 4/10/2015 8:36 PM, Peter Haworth wrote:
> On Fri, Apr 10, 2015 at 6:14 PM, J. Landman Gay <jacque at hyperactivesw.com>
> wrote:
>
>> I'm not quite sure what Pete meant by using the variable name option in
>> the rev database functions though. (I am so not a database person.)
>
>
> Well you opened the door by asking :-)
>
> As an example, revDataFromQuery's syntax is
>
> revDataFromQuery([*columnDelim*],[*rowDelim*],*databaseID*,*SQLQuery*[,
> *varsList*])
>
> "varslist" is the thing I mentioned.  It allows you have a SELECT statement
> like this:
>
> SELECT col1,col2 FROM myTable WHERE col3=:1 AND col4=:2
>
> The values for :1 and :2 are supplied in the varslist which can either be a
> comma separated list of simple variable names or a single array variable
> with, in this case, keys 1 and 2, with the variable names enclosed in
> quotes.
>
> So the revDataFromQuery call would be:
>
> put revDataFromQuery(,,gDBID,tSelect,"tValue1","tValue2") into tData
>
> OR
>
> put revDataFromQuery(,,gDBID,tSelect,"tArray") into tData
>
> In addition to preventing SQL injection attacks, this also avoids the need
> to escape troublesome characters like quotes in the data.
>
> Pete
> lcSQL Software <http://www.lcsql.com>
> Home of lcStackBrowser <http://www.lcsql.com/lcstackbrowser.html> and
> SQLiteAdmin <http://www.lcsql.com/sqliteadmin.html>
> _______________________________________________
> use-livecode mailing list
> use-livecode at lists.runrev.com
> Please visit this url to subscribe, unsubscribe and manage your subscription preferences:
> http://lists.runrev.com/mailman/listinfo/use-livecode
>


-- 
Jacqueline Landman Gay         |     jacque at hyperactivesw.com
HyperActive Software           |     http://www.hyperactivesw.com
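
The question above ("why would it matter how the app is doing it?") is easiest to see with the two query styles side by side. The following is an added example, not code from this thread or from LiveCode; it uses Python's built-in sqlite3 module as a stand-in for revDataFromQuery, with `?` placeholders playing the role of Pete's `:1`/`:2` and the tuple passed alongside the statement playing the role of varsList. The table and column names mirror the SELECT in Pete's message, and the rows are constructed here so the example runs offline. The point it shows: an intruder does not get to send their own queries, they only get to type values into the app, and the two ways of building the query differ in whether those values can change the SQL text.

```python
import sqlite3


def make_db():
    # Constructed in-memory table so the example is self-contained.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE myTable (col1 TEXT, col2 TEXT, col3 TEXT, col4 INTEGER)")
    conn.executemany(
        "INSERT INTO myTable VALUES (?, ?, ?, ?)",
        [("a1", "b1", "Smith", 1), ("a2", "b2", "O'Brien", 2)],
    )
    return conn


def query_concatenated(conn, col3, col4):
    # The value typed by the user is pasted into the SQL, so the database
    # sees it as part of the statement, not as data. A quote in the value
    # (and so any character that matters to SQL) changes the statement.
    sql = (
        "SELECT col1,col2 FROM myTable WHERE col3='"
        + col3
        + "' AND col4="
        + str(col4)
    )
    return conn.execute(sql).fetchall()


def query_parameterized(conn, col3, col4):
    # Counterpart of revDataFromQuery with a varsList: the statement is fixed
    # text with placeholders, and the values travel to the driver separately.
    # Whatever the user typed is bound as a value and compared literally, and
    # no escaping of quotes is needed.
    sql = "SELECT col1,col2 FROM myTable WHERE col3=? AND col4=?"
    return conn.execute(sql, (col3, col4)).fetchall()


def demo():
    # Run both styles over an ordinary value and over one containing a quote.
    conn = make_db()
    results = {
        "concat_plain": query_concatenated(conn, "Smith", 1),
        "param_plain": query_parameterized(conn, "Smith", 1),
        "param_quote": query_parameterized(conn, "O'Brien", 2),
    }
    try:
        results["concat_quote"] = query_concatenated(conn, "O'Brien", 2)
    except sqlite3.OperationalError as exc:
        # The apostrophe ended the string literal early, so the database
        # rejected the rest of the statement as malformed SQL.
        results["concat_quote"] = "error: " + str(exc)
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The concatenated version "works" for `Smith` and breaks for `O'Brien`, which is exactly Pete's point about troublesome characters: the data leaked into the statement. The parameterized version returns the right row in both cases, and that same property is what stops an injected value from rewriting the query.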
