Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: warning about SQL injection


The first example lets the SQL Query macro take dynamic input. Here is a silly example, with SQL that emits XHTML for a Confluence @user reference, (/) tick and a custom param user macro:

rendering as:


This is a silly example not least because of the SQL injection attack using param like this involves.



The macro definition looks like this: