Re: text column constraint, newbie question

From: Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com>
To: Stephen Cook <sclists(at)gmail(dot)com>
Cc: RebeccaJ <rebeccaj(at)gmail(dot)com>, pgsql-general(at)postgresql(dot)org
Subject: Re: text column constraint, newbie question
Date: 2009-03-23 07:07:18
Message-ID: dcc563d10903230007i547d57d1y8057c6f11751af41@mail.gmail.com
Lists: pgsql-general

On Mon, Mar 23, 2009 at 12:59 AM, Stephen Cook <sclists(at)gmail(dot)com> wrote:
> You should use pg_query_params() rather than build a SQL statement in your
> code, to prevent SQL injection attacks. Also, if you are going to read this
> data back out and show it on a web page you probably should make sure there
> is no rogue HTML or JavaScript or anything in there with htmlentities() or
> somesuch.

Are you saying pg_query_params is MORE effective than pg_escape_string
at deflecting SQL injection attacks?
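The contrast being discussed, as an added example that is not part of the original thread: a query built by string concatenation, the same query with pg_query_params(), the pg_escape_string() form, and htmlentities() on the way back out. The connection string, table and column names are assumptions.

```php
<?php
// Added example, not from the thread. Connection string, table and columns are placeholders.
$conn = pg_connect('dbname=example_db');
$username = isset($_GET['username']) ? $_GET['username'] : '';

// Unsafe pattern: the user's value is spliced into the SQL text, so a quote
// character in $username changes the structure of the statement itself.
// $sql = "SELECT id, bio FROM users WHERE username = '" . $username . "'";
// $res = pg_query($conn, $sql);

// pg_query_params(): the SQL text is fixed and contains only a placeholder ($1);
// the value is sent to the server separately and can never be parsed as SQL.
// Single quotes around the query keep PHP from interpolating "$1".
$res = pg_query_params(
    $conn,
    'SELECT id, bio FROM users WHERE username = $1',
    array($username)
);
if ($res === false) {
    // Log pg_last_error($conn) server-side; do not echo it to the browser.
    die('query failed');
}

// pg_escape_string(): also correct, but only if EVERY value is both escaped and
// quoted, every time. Forgetting either step once reopens the injection.
$escaped = pg_escape_string($conn, $username);
$sql     = "SELECT id, bio FROM users WHERE username = '" . $escaped . "'";

// Output side: stored text is untrusted when rendered, so escape it for HTML
// so that it cannot turn into markup or script in the reader's browser.
while ($row = pg_fetch_assoc($res)) {
    echo '<p>' . htmlentities($row['bio'], ENT_QUOTES, 'UTF-8') . "</p>\n";
}
```

pg_query_params() only parameterizes values; table or column names chosen at runtime still have to be validated against a fixed allow-list.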
