On Mon, Feb 23, 2009 at 11:54 PM, Craig Ringer
<craig@postnewspapers.com.au> wrote:
> 野村 wrote:
>> Hello all.
>>
>> My javascript connects with postgres using php.
>> php responds with XML for my select request.
>> I wonder is there any way to access to postgres directly?
>
> Nothing stops you passing SQL snippets from JavaScript into your PHP
> code, which then dispatches then to the server and returns the results.
>
> This is a really, really, REALLY bad idea. It allows anybody with the
> ability to access your XML-RPC interface for PHP (say via XMLHttpRequest
> in their browser) to send whatever SQL code they want to your server.
Note however that there is such a beast as server side javascript.
http://en.wikipedia.org/wiki/Server-side_JavaScript