Do I need to quote input even though I'm using bind
variables in my queries?
I seem to think that quoting on entry and unquoting on
return was a method for fighting SQL injection, but
I'm also thinking that bind variables may make that
problem is, I'm not sure.
Any guidance is appreciated, of course.