Postgres Pro
Downloads
Home   >   mailing lists

escaping literals (in libpq) - Mailing list pgsql-interfaces

From Volkan YAZICI
Subject escaping literals (in libpq)
Date
Msg-id 20050403002747.GA1158@alamut
Whole thread Raw
Responses Re: escaping literals (in libpq)
List pgsql-interfaces
Tree view 
Hi,

By using PQescapeString() and PQescapeBytea() we can protect SQL
commands from SQL-Injection. I just wonder if it's necessary to
use these escape functions when using PQexecParams() or
PQsendQueryParams(); or these execParam functions don't need
escaping literals?

# End of file

pgsql-interfaces by date:

Previous
From: Michael Fuhr
Date:
Subject: Re: Problems with PQfmod() returning -1 on varchar field (libpq-8.0.0 )?
Next
From: Robert Treat
Date:
Subject: Re: Fw: suscribe