Home > mailing lists

Re: How does one make the following psql statement sql-injection resilient? - Mailing list pgsql-general

From	David G. Johnston
Subject	Re: How does one make the following psql statement sql-injection resilient?
Date	March 19, 2015 23:21:48
Msg-id	CAKFQuwYkryOa9YbNcRhecBW-NekwOoq4V0haGpYR6m5MS9qxDQ@mail.gmail.com Whole thread Raw
In response to	Re: How does one make the following psql statement sql-injection resilient? ("David G. Johnston" <david.g.johnston@gmail.com>)
List	pgsql-general

Tree view

On Thu, Mar 19, 2015 at 12:46 PM, David G. Johnston <david.g.johnston@gmail.com> wrote:

On Thu, Mar 19, 2015 at 12:43 PM, Alvaro Herrera <alvherre@2ndquadrant.com> wrote:
David G. Johnston wrote:

> Except that server "COPY" only is documented to accept a "query" that
> begins with either SELECT or VALUES :(
>
> I hereby voice my desire for EXECUTE to be usable as well.

Feel free to submit a patch ...

I get your point though if anyone else wants this before 2017 they shouldn't count on me.

While I lack in C language skills I do possess wiki editing skills...ToDo item added.

David J.

pgsql-general by date:

From: Jason Dusek
Date: 19 March 2015, 22:51:41
Subject: Re: regclass and format('%I')

From: Matija Lesar
Date: 20 March 2015, 09:38:22
Subject: Unexpected array_remove results

Re: How does one make the following psql statement sql-injection resilient? - Mailing list pgsql-general

Previous

Next