BUG #13753: Docs for plpy.execute() miss info about quoting - Mailing list pgsql-bugs

From guettliml@thomas-guettler.de
Subject BUG #13753: Docs for plpy.execute() miss info about quoting
Date
Msg-id 20151103132244.2762.96085@wrigleys.postgresql.org
Responses Re: BUG #13753: Docs for plpy.execute() miss info about quoting  (Tom Lane <tgl@sss.pgh.pa.us>)
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      13753
Logged by:          Thomas Güttler
Email address:      guettliml@thomas-guettler.de
PostgreSQL version: 9.4.5
Operating system:   Linux
Description:

This page misses important information:

http://www.postgresql.org/docs/9.4/static/plpython-database.html

How to quote the arguments?

The relevant information is here:
http://www.postgresql.org/docs/9.4/static/plpython-util.html

Please include a link from the execute() docs to the quoting docs.

I was trapped by a bug made by a teammate who did no quoting.

Not quoting the values of a SQL query can lead to SQL injections, which are a
big security concern.

Please add a note to the docs.

Thank you.
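
The three ways a value can reach plpy.execute(), as an added example that is not part of the original report or of the PostgreSQL documentation. The `users` table, the `name` column, the function names and the `FakePlpy` stand-in (a simplified model of the server-side `plpy` module, included so the code runs outside PostgreSQL) are assumptions.

```python
# Added example. Inside a PL/Python function body, pass the real `plpy` module;
# FakePlpy is a constructed, simplified stand-in so the file also runs offline.
# The table `users` and column `name` are hypothetical.

class FakePlpy(object):
    def __init__(self):
        self.sent = []  # (statement or plan, bound arguments) per execute() call

    @staticmethod
    def quote_literal(value):
        # Simplified model: wrap in single quotes and double embedded quotes.
        # The server-side plpy.quote_literal also deals with backslashes.
        return "'" + value.replace("'", "''") + "'"

    def prepare(self, query, argtypes):
        return ("PLAN", query, tuple(argtypes))

    def execute(self, query_or_plan, args=None):
        self.sent.append((query_or_plan, args))
        return []


def find_user_unquoted(plpy, name):
    # Pattern the report warns about: the value becomes part of the SQL text.
    return plpy.execute("SELECT * FROM users WHERE name = '%s'" % name)


def find_user_quoted(plpy, name):
    # Value escaped with plpy.quote_literal before it is spliced in.
    return plpy.execute(
        "SELECT * FROM users WHERE name = %s" % plpy.quote_literal(name))


def find_user_prepared(plpy, name):
    # Value never enters the SQL text; it is bound to $1 at execution time.
    plan = plpy.prepare("SELECT * FROM users WHERE name = $1", ["text"])
    return plpy.execute(plan, [name])


def demo(name="O'Brien"):
    plpy = FakePlpy()
    for fn in (find_user_unquoted, find_user_quoted, find_user_prepared):
        fn(plpy, name)
    return plpy.sent


if __name__ == "__main__":
    for statement, args in demo():
        print(statement, args)
```

With the constructed input `O'Brien`, the unquoted variant produces a statement with an unbalanced quote, while the quoted and prepared variants keep the value as data.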
