Skip site navigation (1) Skip section navigation (2)

Re: Protection from SQL injection

From: Kris Jurka <books(at)ejurka(dot)com>
To: Josh Berkus <josh(at)agliodbs(dot)com>
Cc: pgsql-hackers(at)postgresql(dot)org, Gregory Stark <stark(at)enterprisedb(dot)com>, Andrew Sullivan <ajs(at)commandprompt(dot)com>
Subject: Re: Protection from SQL injection
Date: 2008-04-30 14:08:25
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-hackers

On Tue, 29 Apr 2008, Josh Berkus wrote:

>> Did you guys miss Tom's comment up-thread? Postgres already does this if
>> you use PQExecParams().
> Keen.  Now we just need to get the driver developers to implement it.  I
> imagine Java does.

The JDBC driver takes a multi-command statement and splits it up to be 
able to use the extended query protocol.  So the JDBC driver is actually
doing the reverse of your suggestion.  For us it was a decision to ease 
the transition from V2 to V3 protocol and not break code that used to 

Kris Jurka

In response to

pgsql-hackers by date

Next:From: Alvaro HerreraDate: 2008-04-30 14:09:13
Subject: Re: Proposed patch - psql wraps at window width
Previous:From: Gregory StarkDate: 2008-04-30 14:02:16
Subject: Re: Proposed patch - psql wraps at window width

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group