escaping and sql injection

From: Dennis Gearon <gearond(at)cvc(dot)net>
To: pgsql-general(at)postgresql(dot)org
Subject: escaping and sql injection
Date: 2003-02-21 23:09:01
Message-ID: B7NIE9GAVSRORWTSPUQ83B96GD84MI.3e56b18d@cal-lab
Lists: pgsql-general

Are there any links for escaping characters and SQL injection prevention in postgres?

I have read where the ' character is not really the preferred escaping character, but it does seem
to be the one I've seen for postgres.

Can multiple statements be issued in postgres, like:

'select count(*) from MyTable; drop MyTable;'
