Re: Correct escaping of untrusted data

From: Pierre-Frédéric Caillaud <lists(at)boutiquenumerique(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: Correct escaping of untrusted data
Date: 2004-08-06 07:25:40
Message-ID: opscauw2hocq72hf@musicbox
Lists: pgsql-general

> Is the 7.4.x multibyte support bombproof? How would we avoid problems
> like this:
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&safe=off&edition=us&selm=20020502171830J.t-ishii%40sra.co.jp

Well, maybe using UTF-8 encoding would fix this?

> update tablea set data=3-? where a=1;

Add parentheses:

> update tablea set data=3-(?) where a=1;

Or do it in your program... but you can't do this if you have a db field
or function instead of the 3.
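
An added example, not part of the original message: it assumes the concern with the quoted statement is a negative number substituted as text, so that "3-" followed by "-1" forms "--", which SQL reads as the start of a comment. SQLite stands in for PostgreSQL here (both treat "--" as a comment start); `render`, the table contents and the value -1 are constructed for illustration.

```python
import sqlite3

UNSAFE = "update tablea set data=3-? where a=1"
PARENS = "update tablea set data=3-(?) where a=1"

def render(template: str, value: int) -> str:
    """Hypothetical client-side substitution: paste the number into the SQL text."""
    if not isinstance(value, int) or isinstance(value, bool):
        raise TypeError("numeric placeholder requires an int")
    return template.replace("?", str(value), 1)

def run(sql: str, params=()) -> list:
    """Run one statement against a fresh constructed table and return its rows."""
    db = sqlite3.connect(":memory:")
    db.execute("create table tablea (a integer, data integer)")
    db.executemany("insert into tablea values (?, ?)", [(1, 0), (2, 0)])
    db.execute(sql, params)
    rows = db.execute("select a, data from tablea order by a").fetchall()
    db.close()
    return rows

def demo(value: int = -1) -> dict:
    unsafe_sql = render(UNSAFE, value)   # "...data=3--1 where a=1": the WHERE is now a comment
    parens_sql = render(PARENS, value)   # "...data=3-(-1) where a=1": still an expression
    return {
        "unsafe_sql": unsafe_sql,
        "unsafe_rows": run(unsafe_sql),      # every row is updated
        "parens_sql": parens_sql,
        "parens_rows": run(parens_sql),      # only a=1 is updated
        # Value sent separately from the SQL text: no textual "--" can ever form.
        "bound_rows": run(UNSAFE, (value,)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

With a value bound by the driver rather than pasted into the text, the unparenthesized statement behaves the same as the parenthesized one.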
