Skip site navigation (1) Skip section navigation (2)

Re: PQescapeIdentifier

From: "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk>
To: "Christopher Kings-Lynne" <chris(dot)kings-lynne(at)calorieking(dot)com>,"Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us>
Cc: "Hackers" <pgsql-hackers(at)postgresql(dot)org>
Subject: Re: PQescapeIdentifier
Date: 2006-05-31 07:28:47
Message-ID: E7F85A1B5FF8D44C8A1AF6885BC9A0E4013885A1@ratbert.vale-housing.co.uk (view raw or flat)
Thread:
Lists: pgsql-hackers
 

> -----Original Message-----
> From: pgsql-hackers-owner(at)postgresql(dot)org 
> [mailto:pgsql-hackers-owner(at)postgresql(dot)org] On Behalf Of 
> Christopher Kings-Lynne
> Sent: 31 May 2006 04:16
> To: Tom Lane
> Cc: Hackers
> Subject: Re: [HACKERS] PQescapeIdentifier
> 
> > Christopher Kings-Lynne <chris(dot)kings-lynne(at)calorieking(dot)com> writes:
> >> Here's a question. I wish to add a function to libpq to escape 
> >> PostgreSQL identifiers.  Will this function be subject to the same 
> >> security/encoding issues as PQescapeString?
> > 
> > Is this of any general-purpose use?  How many apps are 
> really prepared
> > to let an untrusted user dictate which columns are 
> selected/compared?
> 
> phpPgAdmin has use for it, I assume pgAdmin would as well.  

Yes, it would.

Regards, Dave.

pgsql-hackers by date

Next:From: Magnus HaganderDate: 2006-05-31 08:06:48
Subject: Re: [PATCHES] Magic block for modules
Previous:From: Martijn van OosterhoutDate: 2006-05-31 07:22:20
Subject: Re: plperl's ppport.h out of date?

Privacy Policy | About PostgreSQL
Copyright © 1996-2014 The PostgreSQL Global Development Group