[ic] sql query with UNION broken

Jon Jensen jon at endpoint.com
Fri Aug 22 18:50:28 EDT 2003


On Fri, 22 Aug 2003, Mike Heins wrote:

> We should probably think about security implications of this -- I am not
> sure (SELECT ...) is standard ANSI SQL, and I am not enough of a SQL guru
> to authoritatively speak to it.

Unfortunately, ANSI seems to only offer the SQL standards for sale in
print, so I don't have a copy. That syntax is valid to PostgreSQL and
MySQL.

However, I don't think the SQL standards are really relevant, because we
don't aim or claim to judge the SQL correctness of anything we pass
through the query tag, right? We just want to know enough to judge whether
we'll be checking the Read_only attribute of the database and returning a
result set or a row count. I can't think of any useful way to bypass that
due to this change, but if anyone can, we should look at it.

Jon
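
The dispatch decision discussed in this message, as an added illustration (not code from Interchange or from this thread): the query is classified by its first keyword after skipping leading whitespace, comments and opening parentheses, so a parenthesized SELECT joined with UNION is handled as a read, and anything unrecognized falls through to the write path where the read-only flag is checked. The names classify_query and $read_only are hypothetical, and the sample queries are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper: decide how a query handed to a query tag is treated.
# Returns 'select' (result set expected) or 'update' (row count expected;
# the caller must check the table's read-only flag before running it).
sub classify_query {
    my ($sql) = @_;
    my $q = defined $sql ? $sql : '';
    # Strip leading whitespace, "(", "-- ..." and "/* ... */" in any order.
    1 while $q =~ s{\A(?:\s+|\(|--[^\n]*(?:\n|\z)|/\*.*?\*/)}{}s;
    # Fail closed: only a leading SELECT is a read; everything else,
    # including empty or unparseable input, takes the write path.
    return $q =~ /\ASELECT\b/i ? 'select' : 'update';
}

# Constructed sample queries (not taken from the thread).
my @samples = (
    "SELECT sku FROM products",
    "(SELECT sku FROM products) UNION (SELECT sku FROM inventory)",
    "  ( ( select sku from products ) )",
    "/* note */ UPDATE products SET price = 0",
    "DELETE FROM products",
    "",
);

my $read_only = 1;    # assumed per-table flag standing in for Read_only
for my $sql (@samples) {
    my $kind   = classify_query($sql);
    my $action = $kind eq 'select' ? 'run, return result set'
               : $read_only        ? 'refuse: table is read-only'
               :                     'run, return row count';
    printf "%-7s %-27s %s\n", $kind, $action, $sql;
}
```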

