Home > mailing lists

Re: text column constraint, newbie question - Mailing list pgsql-general

From	Ivan Sergio Borgonovo
Subject	Re: text column constraint, newbie question
Date	March 23, 2009 23:01:08
Msg-id	20090324000050.160e292f@dawn.webthatworks.it Whole thread Raw
In response to	Re: text column constraint, newbie question (RebeccaJ <rebeccaj@gmail.com>)
List	pgsql-general

Tree view

On Mon, 23 Mar 2009 14:11:28 -0700 (PDT)
RebeccaJ <rebeccaj@gmail.com> wrote:

> now. Before, I was planning to have CHECK constraints in all of my
> text or char fields, to keep out all semicolons, single quotes, and
> anything else that looked dangerous. Now I'm thinking that I'll be
> using htmlentities(), pg_escape_string() and pg_query_params() as

check, htmlentities, pg_escape_string and pg_query_params really
don't belong to the same family of "functions" and serve very
different purposes.

simplifying it very much:
- check are used to control the quality of data that get stored in
  the db
- htmlentities is about formatting for web output
- pg_escape_string is to prepare input for sql and avoiding sql
  injection
- pg_query_params is a relative of pg_escape_string but somehow used
  differently

--
Ivan Sergio Borgonovo
http://www.webthatworks.it

pgsql-general by date:

From: Madison Kelly
Date: 23 March 2009, 22:48:23
Subject: Determining/Setting a server's time zone

From: Tom Lane
Date: 23 March 2009, 23:07:54
Subject: Re: unexpected check constraint violation

Re: text column constraint, newbie question - Mailing list pgsql-general

Previous

Next