Re: Sql injection attacks

From: Mage <mage(at)mage(dot)hu>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Sql injection attacks
Date: 2004-07-26 06:08:35
Message-ID: 41049FE3.1070600@mage.hu
Lists: pgsql-general

Bill Moran wrote:

>Simply put:
>1) If the untrusted value is a string, using a proper escape sequence should
> make it safe.

In pgsql (and mysql) you can escape almost everything.

update table set a = '5' is correct, even if column a is integer type.
You can't escape the null value.

Mage
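
An added example, not part of Mage's message: a sketch of the rule described above, where every untrusted value is rendered as a quoted string literal even for an integer column, and NULL is the one value emitted as a bare keyword. The function names, the table `t` and column `a` are hypothetical, the sample inputs are constructed, and the escaping assumes `standard_conforming_strings = on`.

```python
def sql_literal(value):
    """Render an untrusted value as a PostgreSQL literal, following the rule
    in the message: quote everything as a string, except NULL."""
    if value is None:
        # NULL is a keyword, not a string: 'NULL' would be the 4-character text.
        return "NULL"
    if isinstance(value, bool) or not isinstance(value, (str, int)):
        raise TypeError(f"unsupported type: {type(value).__name__}")
    text = str(value)
    if "\x00" in text:
        raise ValueError("NUL byte is not allowed in a PostgreSQL string")
    # Assumption: standard_conforming_strings = on, so backslash is an
    # ordinary character and the only character to double is the quote.
    return "'" + text.replace("'", "''") + "'"


def is_single_literal(rendered):
    """Check that `rendered` is NULL or exactly one closed string literal."""
    if rendered == "NULL":
        return True
    if len(rendered) < 2 or rendered[0] != "'" or rendered[-1] != "'":
        return False
    # Inside the outer quotes every quote must be part of a doubled pair.
    return "'" not in rendered[1:-1].replace("''", "")


def build_update(value):
    # Table and column names are fixed placeholders (t, a), never user input.
    return f"UPDATE t SET a = {sql_literal(value)}"


# Constructed sample inputs for an integer column `a`.
SAMPLES = [5, "5", None, "O'Reilly", "5'; DELETE FROM t; --"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "->", build_update(s))
```

For an integer column the server rejects the last two samples with an invalid-input error instead of executing anything, because each arrives as a single string literal.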
