Home > mailing lists

Re: Avoiding SQL injection in Dynamic Queries (in plpgsql) - Mailing list pgsql-general

From	Craig Ringer
Subject	Re: Avoiding SQL injection in Dynamic Queries (in plpgsql)
Date	March 17, 2010 08:43:11
Msg-id	4BA095AB.9050902@postnewspapers.com.au Whole thread Raw
In response to	Avoiding SQL injection in Dynamic Queries (in plpgsql) (Allan Kamau <kamauallan@gmail.com>)
Responses	Re: Avoiding SQL injection in Dynamic Queries (in plpgsql) (Allan Kamau <kamauallan@gmail.com>)
List	pgsql-general

Tree view

Allan Kamau wrote:
> When writing dynamic commands (those having "EXECUTE 'some SQL
> query';), is there a way to prevent interpretation of input parameters
> as pieces of SQL commands?

EXECUTE ... USING

--
Craig Ringer

pgsql-general by date:

From: Allan Kamau
Date: 17 March 2010, 08:12:50
Subject: Avoiding SQL injection in Dynamic Queries (in plpgsql)

From: Allan Kamau
Date: 17 March 2010, 09:06:18
Subject: Re: Avoiding SQL injection in Dynamic Queries (in plpgsql)

Re: Avoiding SQL injection in Dynamic Queries (in plpgsql) - Mailing list pgsql-general

Previous

Next