Bind Variables and Quoting / Dequoting Input

From: <operationsengineer1(at)yahoo(dot)com>
To: "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org>
Subject: Bind Variables and Quoting / Dequoting Input
Date: 2005-12-09 21:54:13
Lists: pgsql-novice

do i need to quote input even though i'm using bind
variables in my queries?

i seem to think that quoting on entry and unquoting on
return was a method for fighting sql injection, but
i'm also thinking that bind variables may make that
step meaningless.

problem is, i'm not sure.

any guidance is appreciated, of course.
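
The behaviour the question asks about, as an added example that is not part of the original post: a value passed through a bind variable is stored exactly as given, while a value quoted by hand and then bound is stored with the extra quote characters in it. Assumptions: Python's built-in `sqlite3` with an in-memory database stands in for PostgreSQL so the example runs offline; the table `people`, the helper `quote_literal` and the sample values are constructed for illustration.

```python
import sqlite3

def quote_literal(value: str) -> str:
    """Hypothetical 'quote on entry' helper: doubles every single quote,
    as one would when pasting a value into SQL text by hand."""
    return value.replace("'", "''")

def store_and_fetch(conn: sqlite3.Connection, value: str) -> str:
    """Insert one value through a bind variable (?) and read it back."""
    conn.execute("DELETE FROM people")
    # The value travels separately from the SQL text, so the statement
    # is the same whatever characters the value contains.
    conn.execute("INSERT INTO people (name) VALUES (?)", (value,))
    return conn.execute("SELECT name FROM people").fetchone()[0]

def demo() -> dict:
    """For each sample, return (stored via bind only,
    stored via manual quoting followed by bind)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT)")
    # Constructed sample inputs containing quote characters.
    samples = ["O'Brien", 'it\'s; a "test" --']
    results = {}
    for raw in samples:
        bound_only = store_and_fetch(conn, raw)
        quoted_then_bound = store_and_fetch(conn, quote_literal(raw))
        results[raw] = (bound_only, quoted_then_bound)
    conn.close()
    return results

if __name__ == "__main__":
    for raw, (bound_only, quoted_then_bound) in demo().items():
        print(f"input:             {raw}")
        print(f"bind only:         {bound_only}")
        print(f"quoted, then bind: {quoted_then_bound}")
        print()
```

With bind variables alone the stored value equals the input; adding manual quoting on top changes the stored data, which is why a dequoting step would then be needed on the way out.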
