Thread: Posgres Adding braces at beginning and end of text (html) content


Posgres Adding braces at beginning and end of text (html) content

From
linnewbie
Date:
Hi All,

I'm fairly new to postgres and I'm having this peculiar problem.

I'm storing raw html in a text field and I want users who know HTML to
update the content in a textarea field.

The problem is postgres is adding braces to the beginning and ending of
the content.  On creation and every time I update.

This is:

I input:

<p>xyz <p/>
.........

into the text area field I save and view I see

{<p>xyz</p>

.........

}

On a subsequent update I see

{{<p>xyz</p>
........

}}

On another I see

{{<p>xyz</p>

....

}}

Not sure what is happening here?
I am using postgres 8.3 on windows

Re: Posgres Adding braces at beginning and end of text (html) content

From
"Leif B. Kristensen"
Date:
On Thursday 2. April 2009, linnewbie wrote:
>Hi All,
>
>I'm fairly new to postgres and I'm having this peculiar problem.
>
>I'm storing raw html in a text field and I want users who know HTML to
>update the content in a textarea field.
>
>The problem is postgres is adding braces to the beginning and ending of
>the content.  On creation and every time I update.

I can't reproduce your problem in 8.3.5:

pgslekt=> create table test (i integer, t text);
CREATE TABLE
pgslekt=> insert into test values (1, '<p>Hei hei</p>');
INSERT 0 1
pgslekt=> select * from test;
 i |       t
---+----------------
 1 | <p>Hei hei</p>
(1 row)

Perhaps it's a middleware problem?
--
Leif Biberg Kristensen | Registered Linux User #338009
Me And My Database: http://solumslekt.org/blog/

Re: Posgres Adding braces at beginning and end of text (html) content

From
"Leif B. Kristensen"
Date:
(CC'ed to the list)

On Thursday 2. April 2009, linnewbie wrote:
> I am using tcl ( ncgi and tclodbc ) so it is more like the excerpts
> below:
>
>ie I input:
>
><h1>Hello World </h1>
>
><p>xyz <p/>
>
>into the text area field, save:
>
>set page_content  [ ncgi::value  textarea_field_name]
>
>database connect dbh $datasource $dbuser $dbpassword
>
>set sql "INSERT INTO profile (page_content) \
>        VALUES('$page_content') "
>
>dbh $sql
>
>view:
>
>set sql "SELECT page_content FROM profile \
>        WHERE page_id = $page"
>
>set page_content [lindex [ dbh $sql ] 0]
>
>::ncgi::header "text/html
>
>puts "<textarea id='page_content' name='page_content'> $page_content
> </ textarea>"
>
> in browser I see:
>
>{<h1>Hello World </h1>
>
><p>xyz <p/>
>.........
>}
>
>On a subsequent update I see
>
>{{
>
><h1>Hello World </h1>
>
><p>xyz <p/>
>.........
>}}
>
>On another I see
>
>{{{
>
><h1>Hello World </h1>
>
><p>xyz <p/>
>.........
>}}}
>

This is definitely not a postgresql problem. I'm storing tons of HTML
code, mostly via PHP scripts, and have had only minor issues with it,
eg. HTML entities like &amp; being rendered as naked ampersands on
retrieval. That's a nuisance when you try to keep the W3C validator
happy, but there are ways around it.

You should probably present your problem to the Tcl community, and see
if they can come up with a reason for this oddity.
--
Leif Biberg Kristensen | Registered Linux User #338009
Me And My Database: http://solumslekt.org/blog/

Re: Posgres Adding braces at beginning and end of text (html) content

From
linnewbie
Date:
On Apr 2, 8:59 am, l...@solumslekt.org ("Leif B. Kristensen") wrote:
> On Thursday 2. April 2009, linnewbie wrote:
>
> >Hi All,
>
> >I'm fairly new to postgres and I'm having this peculiar problem.
>
> >I'm storing raw html in a text field and I want users who know HTML to
> >update the content in a textarea field.
>
> >The problem is postgres is adding braces to the beginning and ending of
> >the content.  On creation and every time I update.
>
> I can't reproduce your problem in 8.3.5:
>
> pgslekt=> create table test (i integer, t text);
> CREATE TABLE
> pgslekt=> insert into test values (1, '<p>Hei hei</p>');
> INSERT 0 1
> pgslekt=> select * from test;
>  i |       t
> ---+----------------
>  1 | <p>Hei hei</p>
> (1 row)
>
> Perhaps it's a middleware problem?
> --
> Leif Biberg Kristensen | Registered Linux User #338009
> Me And My Database:http://solumslekt.org/blog/

I am using tcl ( ncgi and tclodbc ) so it is more like the excerpts
below:

ie I input:

<h1>Hello World </h1>

<p>xyz <p/>
.........

into the text area field, save:

set page_content  [ ncgi::value  textarea_field_name]

database connect dbh $datasource $dbuser $dbpassword

set sql "INSERT INTO profile (page_content) \
        VALUES('$page_content') "

dbh $sql

......................

......................

......................


view:

set sql "SELECT page_content FROM profile \
        WHERE page_id = $page"

set page_content [lindex [ dbh $sql ] 0]

::ncgi::header "text/html"

...........................

...........................

...........................


puts "<textarea id='page_content' name='page_content'> $page_content </textarea>"

.........................................................

........................................................



 in browser I see:

{<h1>Hello World </h1>

<p>xyz <p/>
.........
}

On a subsequent update I see

{{

<h1>Hello World </h1>

<p>xyz <p/>
.........
}}

On another I see

{{{

<h1>Hello World </h1>

<p>xyz <p/>
.........

Re: Posgres Adding braces at beginning and end of text (html) content

From
"A. Kretschmer"
Date:
In response to linnewbie :
> I am using tcl ( ncgi and tclodbc ) so it is more like the excerpts
> below:
>
> ie I input:
>
> <h1>Hello World </h1>
>
> <p>xyz <p/>
> .........
>
> into the text area field, save:
>
> set page_content  [ ncgi::value  textarea_field_name]
>
> database connect dbh $datasource $dbuser $dbpassword
>
> set sql "INSERT INTO profile (page_content) \
>         VALUES('$page_content') "

That is a security hole for sql-injection.


Andreas
--
Andreas Kretschmer
Contact:  Heynitz: 035242/47150,   D1: 0160/7141639 (more: -> Header)
GnuPG-ID:   0x3FFF606C, private 0x7F4584DA   http://wwwkeys.de.pgp.net
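
Added example, not part of Andreas's message or the thread: the INSERT pattern quoted above next to a bound-parameter version, run against an in-memory SQLite database through Tcl's sqlite3 package as a stand-in for the thread's tclodbc/PostgreSQL setup (an assumption, chosen so it runs without a server). The sample HTML is constructed and the proc names are hypothetical.

```tcl
package require sqlite3

# Stand-in database: in-memory SQLite instead of the thread's PostgreSQL/tclodbc.
sqlite3 db :memory:
db eval {CREATE TABLE profile (page_id INTEGER PRIMARY KEY, page_content TEXT)}

# Constructed sample input: ordinary HTML an editor might type, with single quotes.
set page_content "<ul><li><span class='special'>Today's menu</span></li></ul>"

# 1) The pattern from the thread: Tcl substitutes $content into the SQL text
#    before the database sees it, so quotes in the HTML become SQL syntax.
#    Returns 1 if the statement failed, 0 if it ran.
proc insert_interpolated {content} {
    set sql "INSERT INTO profile (page_content) VALUES('$content')"
    return [catch {db eval $sql} msg]
}

# 2) Bound parameter: inside braces Tcl performs no substitution; the sqlite3
#    binding treats $content as a parameter name and passes the value
#    separately from the SQL text. Returns the new row id.
proc insert_bound {content} {
    db eval {INSERT INTO profile (page_content) VALUES($content)}
    return [db last_insert_rowid]
}

# Read one value back, again with a bound parameter for the key.
proc fetch_content {page} {
    return [db onecolumn {SELECT page_content FROM profile WHERE page_id = $page}]
}

set failed [insert_interpolated $page_content]
set id     [insert_bound $page_content]
set stored [fetch_content $id]

puts "interpolated insert failed: $failed"
puts "bound insert stored the HTML unchanged: [expr {$stored eq $page_content}]"
```

Restricting the database user's grants limits what a rewritten statement can reach, but only binding keeps the content from being parsed as SQL at all.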

Re: Posgres Adding braces at beginning and end of text (html) content

From
Thomas Markus
Date:
hi,

i'm not a tcl user but it looks like an array representation. try to
remove braces [] from page_content.

regards.
thomas

linnewbie wrote:
>
> into the text area field, save:
>
> set page_content  [ ncgi::value  textarea_field_name]
>
> database connect dbh $datasource $dbuser $dbpassword
>
> set sql "INSERT INTO profile (page_content) \
>         VALUES('$page_content') "
>
> dbh $sql
>
>


Re: Posgres Adding braces at beginning and end of text (html) content

From
linnewbie
Date:
On Apr 2, 10:01 am, andreas.kretsch...@schollglas.com ("A.
Kretschmer") wrote:
> In response to linnewbie :
>
>
>
> > I am using tcl ( ncgi and tclodbc ) so it is more like the excerpts
> > below:
>
> > ie I input:
>
> > <h1>Hello World </h1>
>
> > <p>xyz <p/>
> > .........
>
> > into the text area field, save:
>
> > set page_content  [ ncgi::value  textarea_field_name]
>
> > database connect dbh $datasource $dbuser $dbpassword
>
> > set sql "INSERT INTO profile (page_content) \
> >         VALUES('$page_content') "
>
> That is a security hole for sql-injection.

This database user only has select,insert,update privileges on this
table and these are internal users (administrators) so I'm not sure
how much trouble they can make.

Is there another way to have users update content that is really
really complex html, nested <ul> with <span>s with special classes
etc?




Re: Posgres Adding braces at beginning and end of text (html) content

From
linnewbie
Date:
On Apr 2, 11:06 am, linnewbie <linnew...@gmail.com> wrote:
> On Apr 2, 10:01 am, andreas.kretsch...@schollglas.com ("A. Kretschmer") wrote:
> > In response to linnewbie :
>
> > > I am using tcl ( ncgi and tclodbc ) so it is more like the excerpts
> > > below:
>
> > > ie I input:
>
> > > <h1>Hello World </h1>
>
> > > <p>xyz <p/>
> > > .........
>
> > > into the text area field, save:
>
> > > set page_content  [ ncgi::value  textarea_field_name]
>
> > > database connect dbh $datasource $dbuser $dbpassword
>
> > > set sql "INSERT INTO profile (page_content) \
> > >         VALUES('$page_content') "
>
> > That is a security hole for sql-injection.
>
> This database user only has select,insert,update privileges on this
> table and these are internal users (administrators) so I'm not sure
> how much trouble they can make.
>
> Is there another way to have users update content that is really
> really complex html, nested <ul> with <span>s with special classes
> etc?

This is  a tcl thing though.

Re: Posgres Adding braces at beginning and end of text (html) content

From
nighthawk
Date:
On Thu, Apr 2, 2009 at 3:33 PM, linnewbie <linnewbie@gmail.com> wrote:

> set page_content [lindex [ dbh $sql ] 0]

I have never heard of tclodbc, but I believe you are putting the first
row into your variable, which is why it shows with curly braces. The
problem should be more obvious when you try to fetch more than one
column from the table. Try this:

set page_content [lindex [lindex [ dbh $sql ] 0] 0]

That should solve your problem.
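
Added example, not part of nighthawk's post: a pure-Tcl simulation of the save/view cycle from the thread, showing why each cycle adds one brace layer and why the nested lindex stops it. fake_query is a hypothetical stand-in for `dbh $sql`, assumed to return a list of rows in which each row is a list of columns; the sample HTML is constructed.

```tcl
# Hypothetical stand-in for `dbh $sql`: one row holding one column.
proc fake_query {stored} {
    return [list [list $stored]]
}

# The view code from the thread: take the first ROW and use it as a string.
# A row is still a list, and Tcl's string form of a list wraps any element
# containing whitespace in braces.
proc view_first_row {stored} {
    set row [lindex [fake_query $stored] 0]
    return "$row"
}

# nighthawk's fix: first column of the first row, which is the plain value.
proc view_first_column {stored} {
    return [lindex [lindex [fake_query $stored] 0] 0]
}

# Simulate n edit cycles in which whatever the textarea shows is saved back
# unchanged and then viewed again.
proc round_trips {view html n} {
    set stored $html
    for {set i 0} {$i < $n} {incr i} {
        set stored [$view $stored]
    }
    return $stored
}

# Constructed sample content, modelled on the HTML in the thread.
set html "<h1>Hello World </h1>\n\n<p>xyz <p/>"

puts "--- first row, 3 cycles ---"
puts [round_trips view_first_row $html 3]
puts "--- first column, 3 cycles ---"
puts [round_trips view_first_column $html 3]

# A value with no whitespace or special characters is not brace-quoted, so a
# one-word test string goes through view_first_row without showing the bug.
puts "--- one-word value, first row ---"
puts [round_trips view_first_row "xyz" 3]
```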