Re: Protection from SQL injection - Mailing list pgsql-hackers

From Tom Lane
Subject Re: Protection from SQL injection
Date
Msg-id 25702.1209764606@sss.pgh.pa.us
In response to Re: Protection from SQL injection  (Andrew Sullivan <ajs@commandprompt.com>)
List pgsql-hackers
Andrew Sullivan <ajs@commandprompt.com> writes:
> Oh, heaven.  I can at least think of ways to use ENUM such that you
> can justify the trade-off.  I can think of no excuse whatever for
> PQexec("COMMIT; BEGIN").  That's just lazy and sloppy.  

> Note also that more recent releases, concurrent with the improvements
> to the drivers, also reduce the impact of this sort of database misuse
> slightly.

Actually, as of 8.3 I think the impact is zero, because of the lazy
XID allocation changes.  It's still sloppy programming though.
        regards, tom lane
