Bind Variables and Quoting / Dequoting Input

From: <operationsengineer1(at)yahoo(dot)com>
To: "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject: Bind Variables and Quoting / Dequoting Input
Date: 2005-12-09 21:54:13
Message-ID: 20051209215413.38315.qmail@web33301.mail.mud.yahoo.com
Lists: pgsql-novice

do i need to quote input even though i'm using bind
variables in my queries?

i seem to think that quoting on entry and unquoting on
return was a method for fighting sql injection, but
i'm also thinking that bind variables may make that
step meaningless.

problem is, i'm not sure.

any guidance is appreciated, of course.
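
An added example, not part of the original message: it stores the same input once through a bind variable alone and once quoted by hand before binding, to show what each approach leaves in the table. It assumes Python's `sqlite3` with `?` placeholders as a stand-in for PostgreSQL bind variables; the `notes` table, the helper names and the input string are constructed for illustration.

```python
import sqlite3

def escape_quotes(value):
    """Manual 'quote on entry' step: double each single quote."""
    return value.replace("'", "''")

def unescape_quotes(value):
    """Manual 'dequote on return' step: undo escape_quotes()."""
    return value.replace("''", "'")

def run_demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (id INTEGER PRIMARY KEY, body TEXT)")
    conn.execute("INSERT INTO notes (body) VALUES ('seed row')")

    # Constructed input containing a quote and SQL syntax.
    user_input = "O'Brien'); DELETE FROM notes; --"

    # Case 1: bind variable only. The value travels separately from the
    # SQL text, so it is stored byte-for-byte and never parsed as SQL.
    conn.execute("INSERT INTO notes (body) VALUES (?)", (user_input,))

    # Case 2: quoted by hand, then bound. The driver treats the added
    # quote characters as data, so the escaped form is what gets stored.
    conn.execute("INSERT INTO notes (body) VALUES (?)",
                 (escape_quotes(user_input),))

    rows = [r[0] for r in conn.execute("SELECT body FROM notes ORDER BY id")]

    # A bound lookup on the original value finds only the case 1 row.
    matches = conn.execute("SELECT COUNT(*) FROM notes WHERE body = ?",
                           (user_input,)).fetchone()[0]
    conn.close()
    return {"input": user_input, "rows": rows, "matches": matches}

if __name__ == "__main__":
    result = run_demo()
    for body in result["rows"]:
        print(repr(body))
    print("rows matching original input:", result["matches"])
```
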

