Home > mailing lists

Re: SQL injection in a ~ or LIKE statement - Mailing list pgsql-general

From	Harald Armin Massa
Subject	Re: SQL injection in a ~ or LIKE statement
Date	October 25, 2006 00:50:12
Msg-id	7be3f35d0610222258k54df819r9c47dd9fb4c35267@mail.gmail.com Whole thread Raw
In response to	Re: SQL injection in a ~ or LIKE statement ("Uwe C. Schroeder" <uwe@oss4u.com>)
Responses	Re: SQL injection in a ~ or LIKE statement
List	pgsql-general

Tree view

psycopg2 supports parameters which are escaped properly.

adding: Judging from the mails of Frederico, developer of psycopg2, he was also in the "early notify circle" of the 8.13->8.14 escaping improvement. So, if done correctly the DB API way, all escaping with psycopg2 is fine.

Harald

--
GHUM Harald Massa
persuadere et programmare
Harald Armin Massa
Reinsburgstraße 202b
70197 Stuttgart
0173/9409607
-
Python: the only language with more web frameworks than keywords.

pgsql-general by date:

From: "Harald Armin Massa"
Date: 25 October 2006, 00:16:26
Subject: Re: 8.2beta1 installation fails

From: Karsten Hilbert
Date: 25 October 2006, 06:47:12
Subject: Re: SQL injection in a ~ or LIKE statement

Re: SQL injection in a ~ or LIKE statement - Mailing list pgsql-general

Previous

Next