Thanks all for the feedback! The :id syntax doesn't work for me in this case (plain ADP pages in AOLserver) and I guess that is OpenACS specific (I run one such instance).
But [ns_dbquotevalue $id] works fine - so I should be pretty safe with that?

For the record: I'm running PostgreSQL 8.1.4 and the nspostgres-4.0 driver. There is a 4.1 driver version available - is there any compelling reason to upgrade it with regard to security?

/Björn

2009/12/4 Dossy Shiobara <do...@panoptic.com>

> On 12/4/09 11:00 AM, bthj wrote:
> > set sql_query "select * from sometable where entrynumber = $id"
>
> Replace $id with [ns_dbquotevalue $id] instead.
>
> --
> Dossy Shiobara | do...@panoptic.com | http://dossy.org/
> Panoptic Computer Network | http://panoptic.com/
> "He realized the fastest way to change is to laugh at your own
> folly -- then you can let go and quickly move on." (p. 70)
>

--
Björn Þór Jónsson
http://bthj.is
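
Added example (not part of the thread, and not AOLserver's own code): for a numeric key such as entrynumber, an allow-list check on the value before it is quoted with ns_dbquotevalue as suggested in the reply. The proc name entry_query, the 1-9 digit rule and the tclsh stand-in for ns_dbquotevalue are assumptions.

```tcl
# Added example, not code from the thread. Table and column names are the
# ones in the quoted query; entry_query and the 1-9 digit rule are assumptions.

# Stand-in so the file also runs under plain tclsh. Inside AOLserver the real
# ns_dbquotevalue is used; this approximation only doubles single quotes.
if {[info commands ns_dbquotevalue] eq ""} {
    proc ns_dbquotevalue {value {type text}} {
        return "'[string map {' ''} $value]'"
    }
}

# Build the lookup query, or raise an error if id is not a plain integer.
proc entry_query {id} {
    # Allow-list first: entrynumber is assumed to be a non-negative integer
    # that fits a 4-byte column, so anything else is rejected outright.
    if {![regexp {^[0-9]{1,9}$} $id]} {
        error "invalid entry number"
    }
    # Quote as well, as suggested in the reply, so the value can never
    # reach the SQL text as bare syntax even if the check above changes.
    return "select * from sometable where entrynumber = [ns_dbquotevalue $id]"
}

# Constructed sample inputs: one valid id and three that must be refused.
foreach id {42 {} {1 or 1=1} {4'2}} {
    if {[catch {entry_query $id} result]} {
        puts "rejected [list $id]: $result"
    } else {
        puts "query: $result"
    }
}
```

In an ADP page the argument would be the request value, for example [ns_queryget id], and a rejected value should end the request before any ns_db call is made.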