Re: Protection from SQL injection - Mailing list pgsql-hackers

From Andrew Sullivan
Subject Re: Protection from SQL injection
Date
Msg-id 20080430142008.GA5074@commandprompt.com
In response to Re: Protection from SQL injection  (Gregory Stark <stark@enterprisedb.com>)
Responses Re: Protection from SQL injection  (Martijn van Oosterhout <kleptog@svana.org>)
List pgsql-hackers
On Tue, Apr 29, 2008 at 09:02:30PM -0400, Gregory Stark wrote:

> Did you guys miss Tom's comment up-thread? Postgres already does this if you
> use PQExecParams(). 

I did, yes.  Thanks for the clue.  OTOH, I do see the OP's point that
it'd be nice if the DBA could enforce this rule.  Maybe a way of
insisting on PQExecParams() instead of anything else?

A

-- 
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/

