Re: Sql injection attacks - Mailing list pgsql-general

From Doug McNaught
Subject Re: Sql injection attacks
Date
Msg-id 87bri27uh6.fsf@asmodeus.mcnaught.org
Whole thread Raw
In response to Re: Sql injection attacks  (Geoff Caplan <geoff@variosoft.com>)
Responses Re: Sql injection attacks
List pgsql-general
Geoff Caplan <geoff@variosoft.com> writes:

> But in web work, you are often using GET/POST data directly in your
> SQL clauses, so the untrusted data is part of the query syntax and not
> just a value.

Can you give an example of this that isn't also an example of
obviously bad application design?

-Doug
--
Let us cross over the river, and rest under the shade of the trees.
   --T. J. Jackson, 1863

pgsql-general by date:

Previous
From: Gaetano Mendola
Date:
Subject: Re: selecting more that 2 tables based on 1 subquery find an error
Next
From: Jerry LeVan
Date:
Subject: isNumeric function?