It all depends on whether you sanitize the arguments yourself before building the SQL 
string...


Luc

On Fri, 21 Oct 2011 19:23:22 -0700 (PDT)
Alan Malloy <a...@malloys.org> wrote:

> Augh don't do this, you are begging for SQL injection attacks. I'll
> set one of the elements in your list to:
> '); DROP TABLE users; --
> 
> On Oct 21, 5:54 pm, Shoeb Bhinderwala <shoeb.bhinderw...@gmail.com>
> wrote:
> > Hi
> >
> > I wrote the following function to create a SQL IN clause from a list
> > of values. Essentially the function creates a single string which
> > is a comma separated quoted list of the values surrounded by
> > parenthesis.
> >
> > user=> (def xs [1 2 3 4 5])
> >
> > user=>(str "('" (first xs) (reduce #(str %1 "', '" %2) "" (rest xs))
> > "')")
> > "('1', '2', '3', '4', '5')"
> >
> > user=> (def xs ["ab" "cd" "ef" "gh"])
> >
> > user=> (str "('" (first xs) (reduce #(str %1 "', '" %2) "" (rest
> > xs)) "')")
> > "('ab', 'cd', 'ef', 'gh')"
> >
> > I am wondering if there is a better/easier/more elegant way to write
> > this function. Or if I can make use of a more suitable function from
> > the clojure core library to achieve this?
> >
> > Thanks
> > Shoeb
> 



-- 
Luc P.

================
The rabid Muppet

-- 
You received this message because you are subscribed to the Google
Groups "Clojure" group.