relpipe-data/examples-guile-parametrized-queries.xml
branch v_0
changeset 314 a8bdd870a456
parent 247 087b8621fb3e
child 316 d7ae02390fac
313:a43265235e5a 314:a8bdd870a456
    38 		
    38 		
    39 		<p>
    39 		<p>
    40 			But it is fundamentally wrong. The input parameter is blindly pasted in middle of the Guile code.
    40 			But it is fundamentally wrong. The input parameter is blindly pasted in middle of the Guile code.
    41 			So if we call e.g. <code>fstab-where-type 'ext4"'</code>, it crashes terribly.
    41 			So if we call e.g. <code>fstab-where-type 'ext4"'</code>, it crashes terribly.
    42 			Do you remember SQL injections in your first PHP scripts when you were 14?
    42 			Do you remember SQL injections in your first PHP scripts when you were 14?
    43 			Do you remember <a href="https://xkcd.com/327/">XKCD: Exploits of a Mom</a>?
    43 			Do not do it again!
    44 			Don't do it again!
       
    45 		</p>
    44 		</p>
    46 		
    45 		
    47 		<p>
    46 		<p>
    48 			The <code>relpipe-tr-guile</code> tool has a safe way for passing parameters from the outside. And such parameters are even strongly typed.
    47 			The <code>relpipe-tr-guile</code> tool has a safe way for passing parameters from the outside. And such parameters are even strongly typed.
    49 			So this is, how our program should be written:
    48 			So this is, how our program should be written:
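Review bot: Line 41 says the `ext4"` input only "crashes terribly", which undersells what line 40 describes: a parameter pasted into the middle of the Guile code is evaluated as part of the program, so this is code injection and not just a parse failure. I would state that explicitly before "Do not do it again!", so that the safe, strongly typed parameter passing introduced in the next paragraph reads as the fix for injection rather than for a crash. While this paragraph is being edited, "in middle of" on line 40 should be "in the middle of", and the comma in "So this is, how" at the end of the hunk can go.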