escaping literals (in libpq)

From: Volkan YAZICI <yazicivo(at)ttnet(dot)net(dot)tr>
To: pgsql-interfaces(at)postgresql(dot)org
Subject: escaping literals (in libpq)
Date: 2005-04-03 00:27:47
Message-ID: 20050403002747.GA1158@alamut
Lists: pgsql-interfaces

Hi,

By using PQescapeString() and PQescapeBytea() we can protect SQL
commands from SQL-Injection. I just wonder if it's necessary to
use these escape functions when using PQexecParams() or
PQsendQueryParams(); or do these execParam functions not need
escaping of literals?

# End of file
