Re: How does one make the following psql statement sql-injection resilient? - Mailing list pgsql-general

From David G. Johnston
Subject Re: How does one make the following psql statement sql-injection resilient?
Msg-id CAKFQuwZp=+_yEFkiFZH1WnSBCusyhjzabgCWwoO+wfYh=6UmZA@mail.gmail.com
In response to Re: How does one make the following psql statement sql-injection resilient?  (Alvaro Herrera <alvherre@2ndquadrant.com>)
Responses Re: How does one make the following psql statement sql-injection resilient?  ("David G. Johnston" <david.g.johnston@gmail.com>)
List pgsql-general
On Thu, Mar 19, 2015 at 12:43 PM, Alvaro Herrera <alvherre@2ndquadrant.com> wrote:
> David G. Johnston wrote:
>
> > Except that server "COPY" only is documented to accept a "query" that
> > begins with either SELECT or VALUES :(
> >
> > I hereby voice my desire for EXECUTE to be usable as well.
>
> Feel free to submit a patch ...

I get your point, though if anyone else wants this before 2017 they shouldn't count on me.

David J.
 
