On Saturday 07 June 2003 17:46, Henrik Steffen wrote:
(in answer to my queries):
> > What exactly does the function SQL() do? Is it possible that the script
> > could receive input along these lines?
> > SQL("UPDATE table SET manio='071002'; WHERE kundennummer='071002883';")
> sub SQL {
>     my $command=shift;
>     ...
>     $sth=$db->prepare($command);
>     $sth->execute();
>     ...
> }
> > Any idea what version the server is running?
> running latest postgresql 7.3.3
Well, SQL() looks fine to me [*]; I would look at the path the query takes
from the web interface to the backend and whether the possibility of human
error (e.g. a semicolon in the wrong place not being detected) can be
definitively ruled out before looking for bugs in the server.

[*] but you might want to consider using placeholders and bind values.
Ian Barwick
barwick@gmx.net
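
The footnote's suggestion (placeholders and bind values), as an added example that is not part of the original message or of either poster's code. It assumes DBI with DBD::SQLite in memory as a stand-in for the PostgreSQL backend, a hypothetical table name `kunden`, and an added check that rejects statement text containing a semicolon.

```perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for PostgreSQL so the
# example runs offline; prepare/execute with bind values is the same DBI API.
my $db = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                      { RaiseError => 1, AutoCommit => 1 });

# Constructed sample data; the table name "kunden" is hypothetical.
$db->do('CREATE TABLE kunden (kundennummer TEXT PRIMARY KEY, manio TEXT)');
$db->do('INSERT INTO kunden VALUES (?, ?)', undef, @$_)
    for (['071002883', ''], ['071002884', ''], ['071002885', '']);

# Variant of SQL() that takes the statement text and the values separately.
# The statement text is fixed in the source; values travel as bind values,
# so a quote or semicolon inside a value is data, never SQL syntax.
sub SQL {
    my ($command, @bind) = @_;
    # Added check (assumption): one statement per call, no ";" in the text,
    # so a misplaced ";" fails loudly instead of cutting off the WHERE clause.
    die "refusing statement containing ';': $command\n" if $command =~ /;/;
    my $sth = $db->prepare($command);
    return $sth->execute(@bind);    # rows affected for an UPDATE
}

my $update = 'UPDATE kunden SET manio = ? WHERE kundennummer = ?';

# Update addressed to a single customer number.
my $rows = SQL($update, '071002', '071002883');
print "rows updated: $rows\n";

# A value containing SQL metacharacters is stored literally.
$rows = SQL($update, "x'; --", '071002884');
print "rows updated: $rows\n";

# The statement shape from the thread, with its stray semicolon, is refused
# before it reaches the server.
my $ok = eval {
    SQL("UPDATE kunden SET manio='071002'; WHERE kundennummer='071002883';");
    1;
};
print "stray semicolon rejected: ", ($ok ? "no" : "yes"), "\n";

# Count the rows whose manio was changed by the calls above.
my ($touched) = $db->selectrow_array(
    q{SELECT COUNT(*) FROM kunden WHERE manio <> ''});
print "rows with manio set: $touched\n";
```

With DBD::Pg the same `prepare`/`execute(@bind)` calls apply; only the connection string changes.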