Hello Peter, 2017-11-03 1:59 GMT+06:00 Peter Brottveit Bock <[email protected]>:
> Hi, > > It seems to me that it's not possible to store xml in a database. Is there > any reason for this? > > My understanding of ur/web is that the xml data type is—under the > hood—simply a string. I therefore would have thought it would be trivial to > store it in a database. > > Storing it in a database is prone to XML/HTML injection (therefore the general case is disallowed). If you want to store in database, then you will have to print it to a string and then parse it back into XML/HTML (for a strictly controlled subset of XML/HTML). There is a library for this use-case in UPO: https://github.com/achlipala/upo/blob/master/html.urs > As a minimal example: > > ------------------ > table db : { Elem : xbody } > > fun display_db () = > queryX (SELECT * FROM db) > (fn row => row.Db.Elem) > > fun add_to_db (x : xbody) : transaction unit = > dml (INSERT INTO db(Elem) VALUES ({[x]})) > > fun main () = > add_to_db <xml> Hello </xml>; > display_db () > ------------------ > > fails with > ------------------ > example.ur:5:38: (to 5:43) Can't resolve type class instance > Class constraint: > sql_injectable (xml ([Dyn = (), MakeForm = (), Body = ()]) ([]) ([])) > Reduced to unresolvable: > sql_injectable_prim > (xml ([Dyn = (), MakeForm = (), Body = ()]) ([]) ([])) > ------------------ > > — Peter > > _______________________________________________ > Ur mailing list > [email protected] > http://www.impredicative.com/cgi-bin/mailman/listinfo/ur > -- Cheers, Artyom Shalkhakov
_______________________________________________ Ur mailing list [email protected] http://www.impredicative.com/cgi-bin/mailman/listinfo/ur
