Re: text column constraint, newbie question - Mailing list pgsql-general

From RebeccaJ
Subject Re: text column constraint, newbie question
Date
Msg-id 25e6b4a4-201c-4c2e-b066-18e08d1880e9@u9g2000pre.googlegroups.com
Whole thread Raw
In response to text column constraint, newbie question  (RebeccaJ <rebeccaj@gmail.com>)
Responses Re: text column constraint, newbie question
Re: text column constraint, newbie question
List pgsql-general
> >  Are there characters, maybe non-printing characters, or perhaps
> > even whole phrases, that could cause problems in my database or
> > application if I were to allow users to enter them into that column?
>
> > If so, does anyone happen to have a regular expression handy that you
> > think is a good choice for text columns' CHECK constraint? Or maybe a
> > link to a discussion of this topic?
>
> Nope, there's nothing you can put into a text to break pgsql.
> However, if you are using regular old queries, you'd be advised to use
> pg_escape_string() function in php to prevent SQL injection attacks.

Thanks! I'll check out pg_escape_string() in php, and I see that
PostgreSQL also has something called PQescapeStringConn... I wonder if
I should use both...

Also, I should have asked: what about char and varchar fields? Can
those also handle any characters, as long as I consider SQL injection
attacks?

pgsql-general by date:

Previous
From: Ben Ali Rachid
Date:
Subject: Re: Srf function : missing library on PostgreSQL 8.3.6 on Windows?
Next
From: Oliver Weichhold
Date:
Subject: Understanding Execution Plans