| From: | Kris Jurka <books(at)ejurka(dot)com> |
|---|---|
| To: | Josh Berkus <josh(at)agliodbs(dot)com> |
| Cc: | pgsql-hackers(at)postgresql(dot)org, Gregory Stark <stark(at)enterprisedb(dot)com>, Andrew Sullivan <ajs(at)commandprompt(dot)com> |
| Subject: | Re: Protection from SQL injection |
| Date: | 2008-04-30 14:08:25 |
| Message-ID: | Pine.BSO.4.64.0804301005070.10085@leary.csoft.net |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Tue, 29 Apr 2008, Josh Berkus wrote:
>> Did you guys miss Tom's comment up-thread? Postgres already does this if
>> you use PQExecParams().
>
> Keen. Now we just need to get the driver developers to implement it. I
> imagine Java does.
>
The JDBC driver takes a multi-command statement and splits it up to be
able to use the extended query protocol. So the JDBC driver is actually
doing the reverse of your suggestion. For us it was a decision to ease
the transition from V2 to V3 protocol and not break code that used to
work.
Kris Jurka
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Alvaro Herrera | 2008-04-30 14:09:13 | Re: Proposed patch - psql wraps at window width |
| Previous Message | Gregory Stark | 2008-04-30 14:02:16 | Re: Proposed patch - psql wraps at window width |