Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

From Bruce Momjian
Subject Re: Escaping strings for inclusion into SQL queries
Date
Msg-id 200108302243.f7UMhuP09937@candle.pha.pa.us
In response to Re: Escaping strings for inclusion into SQL queries  (Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>)
List pgsql-hackers
> Florian Weimer <Florian.Weimer@rus.uni-stuttgart.de> writes:
> 
> > We therefore suggest that a string escaping function is included in a
> > future version of PostgreSQL and libpq.  A sample implementation is
> > provided below, along with documentation.
> 
> We have now released a description of the problems which occur when a
> string escaping function is not used:
> 
> http://cert.uni-stuttgart.de/advisories/apache_auth.php
> 
> What further steps are required to make the suggested patch part of
> the official libpq library?

Will be applied soon.  I was waiting for comments before adding it to
the patch queue.

--
  Bruce Momjian                        |  http://candle.pha.pa.us
  pgman@candle.pha.pa.us               |  (610) 853-3000
  +  If your life is a hard drive,     |  830 Blythe Avenue
  +  Christ can be your backup.        |  Drexel Hill, Pennsylvania 19026
 

