[ic] sql query with UNION broken
jon at endpoint.com
Fri Aug 22 18:50:28 EDT 2003
On Fri, 22 Aug 2003, Mike Heins wrote:
> We should probably think about security implications of this -- I am not
> sure (SELECT ...) is standard ANSI SQL, and I am not enough of a SQL guru
> to authoritatively speak to it.
Unfortunately, ANSI seems to only offer the SQL standards for sale in
print, so I don't have a copy. That syntax is valid to PostgreSQL and
However, I don't think the SQL standards are really relevant, because we
don't aim or claim to judge the SQL correctness of anything we pass
through the query tag, right? We just want to know enough to judge whether
we'll be checking the Read_only attribute of the database and returning a
result set or a row count. I can't think of any useful way to bypass that
due to this change, but if anyone can, we should look at it.
More information about the interchange-users