view demo/outer.ur @ 1710:540df112ff62

Remove string-valued style attribute, which may allow injection attacks
author Adam Chlipala <adam@chlipala.net>
date Sun, 15 Apr 2012 12:40:53 -0400
parents 87a7702d681d
children
line wrap: on
line source
table t : { Id : int, B : string }
  PRIMARY KEY Id

table u : { Id : int, Link : int, C : string, D : option float }
  PRIMARY KEY Id,
  CONSTRAINT Link FOREIGN KEY Link REFERENCES t(Id)

fun main () =
    xml <- queryX (SELECT t.Id, t.B, u.Id, u.C, u.D
                   FROM t LEFT JOIN u ON t.Id = u.Link)
                  (fn r => <xml><tr>
                    <td>{[r.T.Id]}</td>
                    <td>{[r.T.B]}</td>
                    <td>{[r.U.Id]}</td>
                    <td>{[r.U.C]}</td>
                    <td>{[r.U.D]}</td>
                  </tr></xml>);
    return <xml><body>
      <table>{xml}</table>

      <form>Insert into t: <textbox{#Id} size={5}/> <textbox{#B} size={5}/>
        <submit action={addT}/></form>
      <form>
        Insert into u: <textbox{#Id} size={5}/> <textbox{#Link} size={5}/> <textbox{#C} size={5}/>
        <textbox{#D} size={5}/> <submit action={addU}/>
      </form>
    </body></xml>

and addT r =
    dml (INSERT INTO t (Id, B) VALUES ({[readError r.Id]}, {[r.B]}));
    main ()

and addU r =
    dml (INSERT INTO u (Id, Link, C, D) VALUES ({[readError r.Id]}, {[readError r.Link]}, {[r.C]}, {[readError r.D]}));
    main ()