| From: | guettliml(at)thomas-guettler(dot)de |
|---|---|
| To: | pgsql-bugs(at)postgresql(dot)org |
| Subject: | BUG #13753: Docs for plpy.execute() miss info about quoting |
| Date: | 2015-11-03 13:22:44 |
| Message-ID: | 20151103132244.2762.96085@wrigleys.postgresql.org |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-bugs |
The following bug has been logged on the website:
Bug reference: 13753
Logged by: Thomas Güttler
Email address: guettliml(at)thomas-guettler(dot)de
PostgreSQL version: 9.4.5
Operating system: Linux
Description:
This page misses important information:
http://www.postgresql.org/docs/9.4/static/plpython-database.html
How to quote the arguments?
The relevant information is here:
http://www.postgresql.org/docs/9.4/static/plpython-util.html
Please include a link from the execute() docs to the quoting docs.
I was trapped by a bug made by a team mate who did no quoting.
Not quoting the values of a SQL query can lead to SQL injects which are a
big security concern.
Please add a note to the docs.
Thank you.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Robert Haas | 2015-11-03 15:23:35 | Re: Re: BUG #13685: Archiving while idle every archive_timeout with wal_level hot_standby |
| Previous Message | Michael Paquier | 2015-11-03 13:06:18 | Re: BUG #13741: vacuumdb does not accept valid password |