Home > mailing lists

to escape or not to - Mailing list pgsql-novice

From	Jean-Yves F. Barbier
Subject	to escape or not to
Date	June 22, 2011 13:49:23
Msg-id	20110622154907.621ed4e1@anubis.defcon1 Whole thread Raw
Responses	Re: to escape or not to
List	pgsql-novice

Tree view

Hi list,

As of '39.5: plpgsql-statements', it is said that using '$n' instead of a named
variable is prefered and less sensitive to a SQL injection.

Does it really mean if I use $n I don't have to 'quote_xxxxxx' any of these
variables?

JY
--
The 80's -- when you can't tell hairstyles from chemotherapy.

pgsql-novice by date:

From: Leon Starr
Date: 22 June 2011, 04:13:16
Subject: How to trap error: nextval: reached maximum value of sequence

From: "Jean-Yves F. Barbier"
Date: 22 June 2011, 13:54:07
Subject: change to session_user in a security definer function

to escape or not to - Mailing list pgsql-novice

Previous

Next