annotate demo/outer.ur @ 1710:540df112ff62

Remove string-valued style attribute, which may allow injection attacks
author Adam Chlipala <adam@chlipala.net>
date Sun, 15 Apr 2012 12:40:53 -0400
parents 87a7702d681d
children
rev   line source
adamc@777 1 table t : { Id : int, B : string }
adamc@777 2 PRIMARY KEY Id
adamc@777 3
adamc@777 4 table u : { Id : int, Link : int, C : string, D : option float }
adamc@777 5 PRIMARY KEY Id,
adamc@777 6 CONSTRAINT Link FOREIGN KEY Link REFERENCES t(Id)
adamc@777 7
adamc@777 8 fun main () =
adamc@777 9 xml <- queryX (SELECT t.Id, t.B, u.Id, u.C, u.D
adamc@777 10 FROM t LEFT JOIN u ON t.Id = u.Link)
adamc@777 11 (fn r => <xml><tr>
adamc@777 12 <td>{[r.T.Id]}</td>
adamc@777 13 <td>{[r.T.B]}</td>
adamc@777 14 <td>{[r.U.Id]}</td>
adamc@777 15 <td>{[r.U.C]}</td>
adamc@777 16 <td>{[r.U.D]}</td>
adamc@777 17 </tr></xml>);
adamc@777 18 return <xml><body>
adamc@777 19 <table>{xml}</table>
adamc@777 20
adamc@777 21 <form>Insert into t: <textbox{#Id} size={5}/> <textbox{#B} size={5}/>
adamc@777 22 <submit action={addT}/></form>
adamc@777 23 <form>
adamc@777 24 Insert into u: <textbox{#Id} size={5}/> <textbox{#Link} size={5}/> <textbox{#C} size={5}/>
adamc@777 25 <textbox{#D} size={5}/> <submit action={addU}/>
adamc@777 26 </form>
adamc@777 27 </body></xml>
adamc@777 28
adamc@777 29 and addT r =
adamc@777 30 dml (INSERT INTO t (Id, B) VALUES ({[readError r.Id]}, {[r.B]}));
adamc@777 31 main ()
adamc@777 32
adamc@777 33 and addU r =
adamc@777 34 dml (INSERT INTO u (Id, Link, C, D) VALUES ({[readError r.Id]}, {[readError r.Link]}, {[r.C]}, {[readError r.D]}));
adamc@777 35 main ()