to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping? - Mailing list pgsql-general

From Mohamed
Subject to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?
Date
Msg-id 861fed220901071107m6cbebf8cl20b0cb3e01648ded@mail.gmail.com
Responses Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?
List pgsql-general
Hi, I am wondering whether or not there exists any built-in function for making sure a query/text input is not harmful, or one that escapes them. If not, what kind of things should I watch out for?

As of now, I get errors on the quote ( ' ) if it is entered in an input, and in to_tsquery also on space. What other tokens should I be careful about? How should I handle these? How do I escape them?

When fulltext indexing my text, is there any risk that the text being indexed could be harmful if it contains certain characters?

/ Moe
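
Added example, not part of the original post: one way to keep user text out of both the SQL string and the tsquery operator syntax, covering the quote and space errors described above. The table `docs`, its columns `id` and `body_tsv`, the helper names and the `%s` placeholder style (psycopg2's) are assumptions.

```python
import re

# Runs of word characters only. Everything else is dropped: quotes, spaces,
# and the characters to_tsquery() treats as syntax (& | ! ( ) : *).
_TOKEN = re.compile(r"\w+")


def build_tsquery(user_text, max_terms=16):
    """Turn free text into an AND-ed to_tsquery() string, or None if no words remain."""
    terms = _TOKEN.findall(user_text)[:max_terms]
    return " & ".join(terms) if terms else None


def search(cur, user_text):
    """Run the search on a DB-API cursor (hypothetical schema: docs.id, docs.body_tsv).

    The SQL text is a constant. User input travels only as a bind parameter,
    so a quote in the input can never terminate the SQL string literal.
    """
    query = build_tsquery(user_text)
    if query is None:
        return []  # nothing searchable; avoid sending an empty tsquery
    cur.execute(
        "SELECT id FROM docs WHERE body_tsv @@ to_tsquery('english', %s)",
        (query,),
    )
    return cur.fetchall()


def search_plain(cur, user_text):
    """Alternative: plainto_tsquery() parses plain text itself and ignores
    operator characters, so the raw input can be bound without pre-processing."""
    cur.execute(
        "SELECT id FROM docs WHERE body_tsv @@ plainto_tsquery('english', %s)",
        (user_text,),
    )
    return cur.fetchall()
```

The same binding applies when indexing: text passed to `to_tsvector()` as a parameter is parsed as data, whatever characters it contains.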