annotate tests/cookieSec.ur @ 2238:7f92d70a326e

Only use string (rather than numeric, etc.) primitives in parsed SQL statements.
author Ziv Scully <ziv@mit.edu>
date Mon, 06 Jul 2015 01:31:04 -0700
parents f2a2be93331c
children
rev   line source
adamc@734  1 table t : {Id : int}
adamc@734  2
adamc@734  3 cookie c : int
adamc@734  4
adamc@734  5 fun setter r =
adamc@734  6     setCookie c (readError r.Id);
adamc@734  7     return <xml>Done</xml>
adamc@734  8
adamc@734  9 fun writer () =
adamc@734 10     ido <- getCookie c;
adamc@734 11     case ido of
adamc@734 12         None => error <xml>No cookie</xml>
adamc@734 13       | Some id => dml (INSERT INTO t (Id) VALUES ({[id]}));
adamc@734 14                    return <xml>Done</xml>
adamc@734 15
adamc@734 16 fun main () = return <xml><body>
adamc@734 17   <form>
adamc@734 18     <textbox{#Id}/> <submit value="Get cookie" action={setter}/>
adamc@734 19   </form>
adamc@734 20
adamc@734 21   <form>
adamc@734 22     <submit value="Write to database" action={writer}/>
adamc@734 23   </form>
adamc@734 24 </body></xml>