Opened 14 years ago
Last modified 14 years ago
#3345 assigned enhancement
Support Variable Binding with SQL Drivers
| Reported by: | theduckylittle | Owned by: | theduckylittle |
|---|---|---|---|
| Priority: | normal | Milestone: | 6.0 release |
| Component: | MapServer C Library | Version: | svn-trunk (development) |
| Severity: | normal | Keywords: | |
| Cc: | | | |
Description
Common practice for doing dynamic mapping is to pass in values from the URL. With read-only data sources this is fine, but databases use SQL queries to source their data. When using the URL substitution methods with the databases, this methodology can lead to potential SQL injection problems. In order to prevent these potential problems, databases support variable binding. The database properly escapes the values and insulates itself from the injection attacks.
This ticket is a reflection of RFC 59.
Initial version in r9876.
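The difference the ticket describes, as an added example that is not MapServer code and not part of the ticket: the same URL value is first pasted into the SQL text and then passed as a bound parameter. It uses Python's built-in `sqlite3` so it runs offline; the `parcels` table, the `%owner%` placeholder, the function names and the query strings are all constructed for illustration.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """Constructed sample data standing in for a database-backed layer."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE parcels (id INTEGER, owner TEXT)")
    db.executemany(
        "INSERT INTO parcels VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol"), (4, "o'brien")],
    )
    return db

# Hypothetical layer query; %owner% marks where the URL value is pasted in.
TEMPLATE = "SELECT id FROM parcels WHERE owner = '%owner%' ORDER BY id"

def query_by_substitution(db, query_string):
    """URL substitution: the request value becomes part of the SQL text."""
    owner = parse_qs(query_string)["owner"][0]
    sql = TEMPLATE.replace("%owner%", owner)
    return [row[0] for row in db.execute(sql)]

def query_by_binding(db, query_string):
    """Variable binding: the SQL text is fixed, the value travels separately."""
    owner = parse_qs(query_string)["owner"][0]
    sql = "SELECT id FROM parcels WHERE owner = ? ORDER BY id"
    return [row[0] for row in db.execute(sql, (owner,))]

if __name__ == "__main__":
    db = make_db()
    # Constructed requests: a normal value, a value that rewrites the WHERE
    # clause when substituted, and a legitimate name containing an apostrophe.
    for qs in ("owner=bob", "owner=x%27+OR+%271%27%3D%271", "owner=o%27brien"):
        try:
            substituted = query_by_substitution(db, qs)
        except sqlite3.OperationalError as exc:
            substituted = f"SQL error: {exc}"
        print(qs, "| substitution:", substituted,
              "| binding:", query_by_binding(db, qs))
```

With substitution, the second request returns every row and the third fails with a syntax error; with binding, both are treated as plain owner names.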