Re: Segmentation Fault - Mailing list pgsql-interfaces

From Christoph Haller
Subject Re: Segmentation Fault
Date
Msg-id 3E8D37F3.70006@rodos.fzk.de
Whole thread Raw
In response to Segmentation Fault  ("Frankie Lam" <frankie@ucr.com.hk>)
List pgsql-interfaces
> >> > The doc says:> > If you want to include strings that have been received from a source> > that is not
trustworthy(for example, because a random user entered> > them), you cannot directly include them in SQL queries for
security>> reasons. Instead, you have to quote special characters that are> > otherwise interpreted by the SQL
parser.>>hmm.., I did this on purpose. Because I want to grab SQL commands> I previously stored in a table from one
database,then reformat them> and store them into another database.> E.g. the reformatted string looks like:> INSERT
INTOtableOnAnotherDB(sqlCMD) values('delete from test where> name=''\\\\''');>
 
Ok, I see. I didn't think of that possibility. You are right.
Regards, Christoph



pgsql-interfaces by date:

Previous
From: pin.o.za@mail.toyota-shokki.co.jp (王斌)
Date:
Subject: unsubscribe
Next
From: Antonio Giráldez
Date:
Subject: unsubscribe