Re: Protection from SQL injection

From: Andrew Sullivan <ajs(at)commandprompt(dot)com>
To: pgsql-hackers(at)postgresql(dot)org
Subject: Re: Protection from SQL injection
Date: 2008-04-30 14:20:09
Message-ID: 20080430142008.GA5074@commandprompt.com
Lists: pgsql-hackers

On Tue, Apr 29, 2008 at 09:02:30PM -0400, Gregory Stark wrote:

> Did you guys miss Tom's comment up-thread? Postgres already does this if you
> use PQExecParams().

I did, yes. Thanks for the clue. OTOH, I do see the OP's point that
it'd be nice if the DBA could enforce this rule. Maybe a way of
insisting on PQExecParams() instead of anything else?

A

--
Andrew Sullivan
ajs(at)commandprompt(dot)com
+1 503 667 4564 x104
http://www.commandprompt.com/
