Bind Variables and Quoting / Dequoting Input

From: <operationsengineer1(at)yahoo(dot)com>
To: "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject: Bind Variables and Quoting / Dequoting Input
Date: 2005-12-09 21:54:13
Message-ID: 20051209215413.38315.qmail@web33301.mail.mud.yahoo.com
Lists: pgsql-novice

do i need to quote input even though i'm using bind
variables in my queries?

i seem to think that quoting on entry and unquoting on
return was a method for fighting sql injection, but
i'm also thinking that bind variables may make that
step meaningless.

problem is, i'm not sure.

any guidance is appreciated, of course.


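Added example, not part of the original post: a side-by-side look at what the question asks about, comparing input spliced into the SQL text with the same input passed as a bind variable, and what happens when input is quoted by hand and then bound as well. It assumes Python's built-in sqlite3 module as a stand-in for PostgreSQL (the bind-variable behaviour shown is the same in both); the table, the function names and the sample inputs are hypothetical.

```python
import sqlite3

HOSTILE = "nobody' OR '1'='1"   # constructed sample input shaped like an injection attempt
APOSTROPHE = "O'Brien"          # constructed sample input: a legitimate value with a quote

def make_db():
    # In-memory database with a hypothetical users table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn

def quote_literal(value):
    # The manual "quote on entry" step: double every single quote.
    return value.replace("'", "''")

def find_concatenated(conn, name):
    # Input spliced into the SQL text: the parser treats it as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY id"
    return [row[0] for row in conn.execute(sql)]

def find_bound(conn, name):
    # Input passed as a bind variable: it is only ever compared as a value.
    sql = "SELECT name FROM users WHERE name = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name,))]

def insert_bound(conn, name):
    # Insert through a bind variable and return exactly what was stored.
    cur = conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    row = conn.execute("SELECT name FROM users WHERE id = ?", (cur.lastrowid,))
    return row.fetchone()[0]

if __name__ == "__main__":
    conn = make_db()
    # Concatenation: the quote ends the literal and the WHERE clause matches every row.
    print("concatenated:      ", find_concatenated(conn, HOSTILE))
    # Bind variable: no quoting applied, no row matches the odd-looking name.
    print("bound:             ", find_bound(conn, HOSTILE))
    # Bound insert stores the apostrophe verbatim.
    print("bound insert:      ", insert_bound(conn, APOSTROPHE))
    # Quoting first and then binding stores the escape characters as data,
    # which is what would then need "dequoting" on the way back out.
    print("quoted then bound: ", insert_bound(conn, quote_literal(APOSTROPHE)))
```
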