Home > mailing lists

Re: Need help with quote escaping in exim for postgresql - Mailing list pgsql-general

From	Florian Weimer
Subject	Re: Need help with quote escaping in exim for postgresql
Date	July 9, 2006 17:23:27
Msg-id	87y7v23d6m.fsf@mid.deneb.enyo.de Whole thread Raw
In response to	Re: Need help with quote escaping in exim for postgresql (Martijn van Oosterhout <kleptog@svana.org>)
List	pgsql-general

Tree view

* Martijn van Oosterhout:

>     * If application always sends untrusted strings as out-of-line
> parameters, instead of embedding them into SQL commands, it is not
> vulnerable.

This paragraph should explictly mention PQexecParams (which everybody
should use anyway).

It seems that Exim's architecture prevents the use of PQexecParams,
though.

pgsql-general by date:

From: Michael Fuhr
Date: 09 July 2006, 16:43:58
Subject: Re: Procedural language functions across servers

From: Martijn van Oosterhout
Date: 09 July 2006, 18:40:10
Subject: Re: Need help with quote escaping in exim for postgresql

Re: Need help with quote escaping in exim for postgresql - Mailing list pgsql-general

Previous

Next