| From: | Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: text column constraint, newbie question |
| Date: | 2009-03-23 23:00:50 |
| Message-ID: | 20090324000050.160e292f@dawn.webthatworks.it |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Mon, 23 Mar 2009 14:11:28 -0700 (PDT)
RebeccaJ <rebeccaj(at)gmail(dot)com> wrote:
> now. Before, I was planning to have CHECK constraints in all of my
> text or char fields, to keep out all semicolons, single quotes, and
> anything else that looked dangerous. Now I'm thinking that I'll be
> using htmlentities(), pg_escape_string() and pg_query_params() as
check, htmlentities, pg_escape_string and pg_query_params really
don't belong to the same family of "functions" and serve very
different purposes.
simplifying it very much:
- check are used to control the quality of data that get stored in
the db
- htmlentities is about formatting for web output
- pg_escape_string is to prepare input for sql and avoiding sql
injection
- pg_query_params is a relative of pg_escape_string but somehow used
differently
--
Ivan Sergio Borgonovo
http://www.webthatworks.it
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Tom Lane | 2009-03-23 23:07:50 | Re: unexpected check constraint violation |
| Previous Message | Dann Corbit | 2009-03-23 22:50:08 | Multiple character encodings within a single database/table? |