Re: Protection from SQL injection

From: Andrew Sullivan <ajs(at)commandprompt(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Protection from SQL injection
Date: 2008-04-30 14:20:09
Message-ID: 20080430142008.GA5074@commandprompt.com
Lists: pgsql-hackers

On Tue, Apr 29, 2008 at 09:02:30PM -0400, Gregory Stark wrote:

> Did you guys miss Tom's comment up-thread? Postgres already does this if you
> use PQExecParams(). 

I did, yes.  Thanks for the clue.  OTOH, I do see the OP's point that
it'd be nice if the DBA could enforce this rule.  Maybe a way of
insisting on PQExecParams() instead of anything else?

A

-- 
Andrew Sullivan
ajs(at)commandprompt(dot)com
+1 503 667 4564 x104
http://www.commandprompt.com/
