From: | Dan Sugalski <dan(at)sidhe(dot)org> |
---|---|
To: | pgsql-general(at)postgresql(dot)org |
Subject: | Re: SQL injection |
Date: | 2005-10-31 18:24:05 |
Message-ID: | a06230902bf8c118160ca@[192.168.0.3] |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-general |
At 7:54 PM +0200 10/31/05, Yonatan Ben-Nes wrote:
>Hi all,
>
>I'm currently trying to build a defence against SQL INJECTION, after
>reading some material on it I arrived to few possible solutions and
>I would like to know if anyone can comment anything about them or
>maybe add a solution of its own:
Just out of curiosity, is this something that constant SQL (or SQL
generated by code) with placeholder variables won't protect against?
--
Dan
--------------------------------------it's like this-------------------
Dan Sugalski even samurai
dan(at)sidhe(dot)org have teddy bears and even
teddy bears get drunk
From | Date | Subject | |
---|---|---|---|
Next Message | A. Kretschmer | 2005-10-31 18:42:30 | Re: replace() and Regular Expressions |
Previous Message | Chris Browne | 2005-10-31 18:14:57 | Re: Oracle 10g Express - any danger for Postgres? |