Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping? - Mailing list pgsql-general

From Reg Me Please
Subject Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?
Date
Msg-id 200901081020.34666.regmeplease@gmail.com
In response to Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?  (Mohamed <mohamed5432154321@gmail.com>)
Responses Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?  (Christopher Swingley <cswingle@gmail.com>)
List pgsql-general
Maybe I'm missing the point, but have you read about quote_ident() and
quote_literal() in chapter 9.4, "String Functions and Operators"?

BR

--
Fahrbahn ist ein graues Band
weisse Streifen, grüner Rand

On Thursday 08 January 2009 09:52:29 Mohamed wrote:
> ..... anyone?
>
> On Wed, Jan 7, 2009 at 8:07 PM, Mohamed <mohamed5432154321@gmail.com> wrote:
> > Hi, I am wondering whether or not there exists any built-in function for
> > making sure a query/text input is not harmful or one that escapes them. If
> > not, what kind of things should I watch out for?
> > As of now, I get errors on the quote ( ' ) if it is entered in an input
> > and in to_tsquery also on space. What other tokens should I be careful
> > about? How should I handle these? How do I escape them?
> >
> > When full-text indexing my text, is there any risk that the text being
> > indexed could be harmful if it contains certain characters?
> >
> > / Moe
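
Added example, not part of the original messages: how the functions named in this thread treat quotes, spaces and operator characters when user text is indexed and searched. The docs table, its rows, the search statement, the search_in function and the 'english' configuration are constructed for illustration.

```sql
-- Constructed table and rows for this example.
CREATE TEMP TABLE docs (id serial PRIMARY KEY, body text);
INSERT INTO docs (body) VALUES
  ('Moe''s guide to full text search'),
  ('cats & dogs (and birds)');

-- Indexing: to_tsvector() treats its argument purely as data, so quotes,
-- ampersands and parentheses in the stored text are just punctuation.
SELECT id, to_tsvector('english', body) FROM docs;

-- Searching: bind the user's text as a parameter instead of concatenating it.
-- plainto_tsquery() ignores tsquery operators in the input and ANDs the words.
PREPARE search(text) AS
  SELECT id, body FROM docs
  WHERE to_tsvector('english', body) @@ plainto_tsquery('english', $1);

EXECUTE search('Moe''s guide');   -- quote doubled only because this is a literal
EXECUTE search('cats & (dogs');   -- stray operator characters are harmless

-- to_tsquery() parses its argument as tsquery syntax, so free text fails even
-- when it is bound safely. Uncomment to see "syntax error in tsquery":
-- SELECT to_tsquery('english', 'cats dogs');

-- quote_ident()/quote_literal() are for SQL text built inside PL/pgSQL.
-- RETURN QUERY EXECUTE needs PostgreSQL 8.4 or later.
CREATE FUNCTION pg_temp.search_in(tbl text, q text) RETURNS SETOF integer AS $$
BEGIN
  RETURN QUERY EXECUTE
    'SELECT id FROM ' || quote_ident(tbl) ||
    ' WHERE to_tsvector(''english'', body) @@ plainto_tsquery(''english'', ' ||
    quote_literal(q) || ')';
END
$$ LANGUAGE plpgsql;

-- The embedded quote stays inside the string literal; it cannot end it early.
SELECT * FROM pg_temp.search_in('docs', 'x'') OR true; --');
-- A normal search through the same function.
SELECT * FROM pg_temp.search_in('docs', 'dogs birds');
```

From application code, the bound-parameter form (the PREPARE/EXECUTE pair here, or the driver's placeholder mechanism) is the one to reach for; quote_literal() is only needed when the SQL text itself is assembled on the server.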


