[ic] A link from DB

Daniel Davenport ddavenport at newagedigital.com
Thu Jul 29 09:29:39 EDT 2004

> -----Original Message-----
> From: interchange-users-bounces at icdevgroup.org
> [mailto:interchange-users-bounces at icdevgroup.org]On Behalf Of Jon
> Sent: Tuesday, July 27, 2004 10:16 PM
> To: interchange-users at icdevgroup.org
> Subject: [ic] A link from DB
> I'm trying to create a hyperlink from with in a field in the DB so when
> one item is displayed via flypage.html there is a link to another item.
> I've tried various variations of 'area' and 'page' tags with/with out
> interpolate but it always seems to display the IC tag and not the link.
> I've read there is a security issue with creating links out of a DB,
> but didn't see if that applied to a specific release
> of IC or all IC releases ?

It applies to any system which can execute code.  What you're trying to do
is a really bad idea--if you could use an [area] or [page] tag, then
potentially any ITL code could be run, including stuff like [data userdb
password insert_user_id_here].  As of yet, i don't believe there's a way to
only interpolate this tag and that tag, and escape all the others.

If you wanted to, you could have a related_sku or other such field in the
products table, and instead of trying to put the tag in there, have some
code like

[if-item-field related_sku]
 [page [item-field related_sku]][description [item-field related_sku]]</a>

in the flypage.


More information about the interchange-users mailing list