[ic] A link from DB
Daniel Davenport
ddavenport at newagedigital.com
Thu Jul 29 09:29:39 EDT 2004
> -----Original Message-----
> From: interchange-users-bounces at icdevgroup.org
> [mailto:interchange-users-bounces at icdevgroup.org]On Behalf Of Jon
> Sent: Tuesday, July 27, 2004 10:16 PM
> To: interchange-users at icdevgroup.org
> Subject: [ic] A link from DB
>
> I'm trying to create a hyperlink from with in a field in the DB so when
> one item is displayed via flypage.html there is a link to another item.
> I've tried various variations of 'area' and 'page' tags with/with out
> interpolate but it always seems to display the IC tag and not the link.
> I've read there is a security issue with creating links out of a DB,
> but didn't see if that applied to a specific release
> of IC or all IC releases ?
It applies to any system which can execute code. What you're trying to do
is a really bad idea--if you could use an [area] or [page] tag, then
potentially any ITL code could be run, including stuff like [data userdb
password insert_user_id_here]. As of yet, i don't believe there's a way to
only interpolate this tag and that tag, and escape all the others.
If you wanted to, you could have a related_sku or other such field in the
products table, and instead of trying to put the tag in there, have some
code like
[if-item-field related_sku]
[page [item-field related_sku]][description [item-field related_sku]]</a>
[/if-item-field]
in the flypage.
/me
More information about the interchange-users
mailing list