Re: Protection from SQL injection - Mailing list pgsql-hackers

From Alvaro Herrera
Subject Re: Protection from SQL injection
Date
Msg-id 20080502145358.GC2320@alvh.no-ip.org
In response to Re: Protection from SQL injection  (Darren Reed <darrenr+postgres@fastmail.net>)
Responses Re: Protection from SQL injection  ("Greg Sabino Mullane" <greg@turnstep.com>)
List pgsql-hackers
Darren Reed wrote:

> Because interacting with the database is always through an action
> that you do and if you're being half way intelligent about it, you
> are always checking that each action succeeded before going on to
> the next.

Hmm, it won't be pretty for the drivers that do PQexec("COMMIT; BEGIN").
The driver will think that it's in a transaction when in fact the second
command in the string has been ignored, and so it's not ...

-- 
Alvaro Herrera                                http://www.CommandPrompt.com/
The PostgreSQL Company - Command Prompt, Inc.
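The failure mode in the reply above is a driver that sends "COMMIT; BEGIN" as one string and assumes both statements ran. The following is an added example, not code from this thread or from PostgreSQL: a small statement splitter that respects quoted literals, identifiers, dollar quoting and comments, plus a helper that models what a driver believes about transaction state versus what the server actually did when only the first statement of a multi-statement string is executed. The `first_only` flag, the `split_statements` and `transaction_state_mismatch` names, and the tiny BEGIN/COMMIT state model are all this example's own assumptions.

```python
"""Driver-side check for multi-statement query strings (added example).

Counts the top-level statements in a string the way a driver or a server-side
"one statement per query" rule would need to, so that a call such as
PQexec(conn, "COMMIT; BEGIN") can be flagged before the second statement is
silently dropped. Handles '...' literals, "..." identifiers, $tag$...$tag$
dollar quoting, and -- / nested /* */ comments. It is a heuristic scanner,
not a full SQL parser (assumption: good enough for this check).
"""
import re

_DOLLAR_TAG = re.compile(r"\$([A-Za-z_][A-Za-z0-9_]*)?\$")


def split_statements(sql: str) -> list:
    """Return the non-empty top-level statements in `sql`, comments removed."""
    stmts, buf = [], []
    i, n = 0, len(sql)
    while i < n:
        c = sql[i]
        if sql.startswith("--", i):                      # line comment
            j = sql.find("\n", i)
            i = n if j == -1 else j
            buf.append(" ")
            continue
        if sql.startswith("/*", i):                      # block comment, nested in PostgreSQL
            depth, j = 1, i + 2
            while j < n and depth:
                if sql.startswith("/*", j):
                    depth, j = depth + 1, j + 2
                elif sql.startswith("*/", j):
                    depth, j = depth - 1, j + 2
                else:
                    j += 1
            buf.append(" ")
            i = j
            continue
        if c in ("'", '"'):                              # quoted literal / identifier
            j = i + 1
            while j < n:
                if sql[j] == c:
                    if j + 1 < n and sql[j + 1] == c:    # doubled quote stays inside
                        j += 2
                        continue
                    j += 1
                    break
                j += 1
            buf.append(sql[i:j])
            i = j
            continue
        if c == "$":                                     # $tag$ ... $tag$
            m = _DOLLAR_TAG.match(sql, i)
            if m:
                tag = m.group(0)
                j = sql.find(tag, m.end())
                j = n if j == -1 else j + len(tag)
                buf.append(sql[i:j])
                i = j
                continue
        if c == ";":                                     # top-level statement boundary
            stmts.append("".join(buf).strip())
            buf = []
            i += 1
            continue
        buf.append(c)
        i += 1
    stmts.append("".join(buf).strip())
    return [s for s in stmts if s]


_TX_START = {"BEGIN", "START"}
_TX_END = {"COMMIT", "END", "ROLLBACK", "ABORT"}


def _apply(in_tx: bool, stmt: str) -> bool:
    """Minimal transaction-state model: only BEGIN/COMMIT-style commands matter."""
    words = stmt.split()
    word = words[0].upper() if words else ""
    if word in _TX_START:
        return True
    if word in _TX_END:
        return False
    return in_tx


def transaction_state_mismatch(sql: str, in_tx_before: bool = True,
                               first_only: bool = True) -> tuple:
    """Return (what the driver believes, what the server actually is).

    The driver assumes every statement it sent was executed; with `first_only`
    the server is modelled as executing only the first statement of a
    multi-statement string (the proposed protection). A difference between the
    two values is exactly the "thinks it's in a transaction" bug.
    """
    stmts = split_statements(sql)
    driver = in_tx_before
    for s in stmts:
        driver = _apply(driver, s)
    executed = stmts[:1] if first_only and len(stmts) > 1 else stmts
    server = in_tx_before
    for s in executed:
        server = _apply(server, s)
    return driver, server


if __name__ == "__main__":
    print(split_statements("COMMIT; BEGIN"))                 # two statements
    print(split_statements("SELECT ';' AS s"))               # one statement
    print(transaction_state_mismatch("COMMIT; BEGIN"))       # (True, False): mismatch
```

A driver that wants to stay correct under such a rule can call `split_statements` on every string it is about to send and refuse, or split and send one at a time, anything that yields more than one statement; after the fact, the authoritative check remains asking the server (libpq exposes this as `PQtransactionStatus`) rather than trusting the driver's own bookkeeping.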
