[Catalyst] PostgreSQL quoting issues
Zbigniew Lukasiak
zzbbyy at gmail.com
Wed Jan 16 15:34:53 GMT 2008
On Jan 16, 2008 4:15 PM, Marius Kjeldahl
<mariusauto-catalyst at kjeldahl.net> wrote:
> Joshua D. Drake wrote:
> >> Does anybody have an idea how I can persuade Postgres into accepting
> >> this as just a simple string and that Postgres shouldn't try to
> >> interpret anything in it?
> >
> > Yeah, quote the string. You can't submit an unquoted string to PostgreSQL.
>
> As my original post demonstrated, that was not the issue at all. But I
> found the reason for the bug. It seems IF in the following expression:
>
>     my $rsts = $c->model ('MintAppDB::TransSum')->find ({
>         category => $c->req->param ('category'),
>         sentto   => $c->req->param ('sentto'),
>         iso      => $c->req->param ('iso')
>     });
>
> if category and iso pointed to undefined values, the bug I struggled
> with was triggered. Making sure that they were defined took care of the
> problem. I guess the sql generating stuff didn't like being fed
> undefined values.
That is not everything - you should also check if there is just one
value in the parameters.
See: http://www.mail-archive.com/catalyst@lists.scsys.co.uk/msg00853.html
Or better, use an input parameter sanitizer - you can choose one
from: http://www.perlfoundation.org/perl5/index.cgi?form_processing
Cheers,
Zbigniew
>
> Thanks anyway,
>
> Marius K.
--
Zbigniew Lukasiak
http://brudnopis.blogspot.com/
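
The missing-value and multiple-value cases raised in this thread, as an added example that is not part of the original messages or of Catalyst itself: it shows what a context-sensitive `param` call does inside a hash constructor, next to a check that accepts each parameter only when it appears exactly once. The `make_param` helper is a hypothetical stand-in that assumes CGI.pm-style behaviour (all values in list context, an empty list when the parameter is absent), and the request data is constructed.

```perl
use strict;
use warnings;
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;

# Stand-in for $c->req->param (hypothetical helper, not Catalyst code).
# Assumed CGI.pm-style behaviour: list context returns every value of the
# parameter, or an empty list when the parameter is absent.
sub make_param {
    my (%query) = @_;
    return sub {
        my ($name) = @_;
        my $v = $query{$name};
        my @values = !defined($v) ? () : ref($v) ? @$v : ($v);
        return wantarray ? @values : $values[0];
    };
}

# Unsafe: each param() call sits in list context inside the hash constructor.
sub naive_condition {
    my ($param) = @_;
    no warnings 'misc';    # silence "Odd number of elements" for the demo
    return { category => $param->('category'),
             sentto   => $param->('sentto'),
             iso      => $param->('iso') };
}

# Safer: accept a parameter only when it appears exactly once.
sub strict_condition {
    my ($param) = @_;
    my %cond;
    for my $name (qw(category sentto iso)) {
        my @values = $param->($name);
        die "parameter '$name' must appear exactly once\n" unless @values == 1;
        $cond{$name} = $values[0];
    }
    return \%cond;
}

# Constructed requests: 'category' missing, then 'iso' sent three times.
my %requests = (
    missing  => make_param(sentto => 'bob', iso => 'NOK'),
    repeated => make_param(category => 'food', sentto => 'bob', iso => ['NOK', 'category', 'other']),
);
for my $label (sort keys %requests) {
    print "$label (naive): ", Dumper(naive_condition($requests{$label}));
    my $cond = eval { strict_condition($requests{$label}) };
    print "$label (strict): ", $cond ? Dumper($cond) : "rejected: $@";
}
```

With the naive form, the missing `category` shifts every later key and value by one position, and the repeated `iso` values turn into an extra `category => 'other'` pair that replaces the real one; the strict form rejects both requests before any query is built.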