Re: [GENERAL] Reordering results for a report

From: Tino Wildenhain <tino(at)wildenhain(dot)de>
To: "scott(dot)marlowe" <scott(dot)marlowe(at)ihs(dot)com>
Cc: Nathaniel Price <nprice(at)tesseract(dot)net>, pgsql-php(at)postgresql(dot)org
Subject: Re: [GENERAL] Reordering results for a report
Date: 2003-12-15 09:02:18
Message-ID: 3FDD789A.7060201@wildenhain.de
Lists: pgsql-general, pgsql-php
Hi Scott,

scott.marlowe wrote:
[...]
> 
> print "<url goes here...>?orderby=".$flds[$i]."moreurlstuffhere???";
> 
> Then, if the orderby is set when you build your query, just append it:
> 
> if (isset($orderby)){
>   $query.= "order by ".$orderby;
> }
> 
> Add some directional control:
> 
> if (isset($dir)){
>   if ($dir=="down") $query.=" DESC";
> }
> 
[...]

This leads to a nice SQL-injection possibility.
At least it has to be made sure that no illegal
data can be transported via $orderby.

Regards
Tino
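
One way to make sure no illegal data reaches the query through $orderby, shown as an added example that is not code from this thread: the request value is only used as a key into a fixed map of sortable columns, and the direction is reduced to one of two keywords. The column names, the `orders` table and the function name `order_clause()` are assumptions.

```php
<?php
// Added example, not code from the thread. Column names, the table
// name and order_clause() are hypothetical.

// Request values are only ever used as keys into this map; the SQL
// text comes from the map's values, never from the request itself.
// (An ORDER BY column is an identifier, so it cannot be passed as a
// bound query parameter the way a value can.)
const SORTABLE = [
    'name'    => 'customer_name',
    'created' => 'created_at',
    'total'   => 'order_total',
];

function order_clause(array $params, string $default = 'created'): string
{
    $key = $params['orderby'] ?? $default;
    // Reject arrays (?orderby[]=x) and anything not in the map.
    if (!is_string($key) || !array_key_exists($key, SORTABLE)) {
        $key = $default;
    }
    // Direction is one of two fixed keywords, chosen by strict comparison.
    $dir = (($params['dir'] ?? '') === 'down') ? 'DESC' : 'ASC';
    return ' ORDER BY ' . SORTABLE[$key] . ' ' . $dir;
}

// Constructed sample requests (stand-ins for $_GET).
$samples = [
    ['orderby' => 'total', 'dir' => 'down'],           // valid
    ['orderby' => 'total; select 1', 'dir' => 'down'], // not in the map
    ['orderby' => ['total']],                          // wrong type
    [],                                                // nothing supplied
];
foreach ($samples as $get) {
    echo 'SELECT * FROM orders' . order_clause($get), "\n";
}
```

Every sample that is not an exact key of the map falls back to the default column, so the generated SQL can only ever contain one of the three listed column names.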

