[ic] error in lib/vend/table/dbi.pm?

Frederic Steinfels interchange-users@interchange.redhat.com
Fri Oct 26 15:52:01 2001


Hi everybody

I have just spent two hours finding out why my SQL Query "SHOW COLUMNS 
FROM pricing" failed. I hope this fix will be implemented in the next 
release.

In Interchange 4.8.1, dbi.pm line 1498 reads

    $update = 1 if $query !~ /^\s*select\s+/i;

In order to get those show and explain things to work, you would write

    $update = 1 if $query !~ /^\s*(select|show|explain)\s+/i;

or are there any security issues?

PS: When I first looked into Interchange 4 months ago, I thought I could 
never get my new site running. I had no Perl or SQL knowledge. I have 
done a lot of changes to the pricing and ordering stuff. I made a little 
scripting language that allows me to set the options of a product to 
certain values depending on other options (eliminate incompatible 
options), user default option, supplied parameters in the price and 
order tags, global default options (autoselect options if the user had 
no chance to select them yet). I made my own search/result page and 
routines, my own (faster) bar_link code that does not need going to the 
admin UI / autopopulate anymore, lots of product tables calculated in 
Perl and my own shipping routine. I still have the impression that I 
could have done the things I did in a more elegant way. If Interchange 
was really well documented (more tutorials, samples, howtos), it would 
take at least 5000 pages...
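
As an added example (not part of the original message and not Interchange's own code), the script below runs the two patterns quoted in the post over constructed queries, to show what a leading-keyword check does and does not decide when reviewing the security question raised above. What `$update` controls further down in dbi.pm is not shown in the post; the `is_update` helper and all sample queries are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The two patterns from the post: the one quoted from dbi.pm line 1498
# and the proposed replacement.
my %pattern = (
    original => qr/^\s*select\s+/i,
    proposed => qr/^\s*(select|show|explain)\s+/i,
);

# Hypothetical helper mirroring the quoted line:
# $update is set to 1 unless the query matches the pattern.
sub is_update {
    my ($which, $query) = @_;
    return $query !~ $pattern{$which} ? 1 : 0;
}

# Constructed sample queries; only "SHOW COLUMNS FROM pricing" is from the post.
my @queries = (
    'SHOW COLUMNS FROM pricing',
    '  explain select * from pricing',
    'select * from pricing',
    "SELECT\n  sku FROM pricing",         # \s+ also matches a newline
    'UPDATE pricing SET price = 1',
    'showcolumns from pricing',           # keyword not followed by whitespace
    '(select sku from pricing)',          # leading parenthesis defeats the prefix
    # Caveat for reviewers: on PostgreSQL, EXPLAIN ANALYZE executes the
    # statement it explains, so "explain" is not read-only on every backend.
    'EXPLAIN ANALYZE DELETE FROM pricing',
);

printf "%-38s %-9s %-9s\n", 'query', 'original', 'proposed';
for my $q (@queries) {
    (my $shown = $q) =~ s/\s+/ /g;        # collapse whitespace for display only
    printf "%-38s %-9d %-9d\n",
        $shown, is_update('original', $q), is_update('proposed', $q);
}
```

Both patterns look only at the first keyword, so the classification says nothing about the rest of the statement; the wider pattern is safe only if every statement that can start with the added keywords is read-only on the database in use.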