Re: Protection from SQL injection - Mailing list pgsql-hackers

From Kris Jurka
Subject Re: Protection from SQL injection
Date
Msg-id Pine.BSO.4.64.0804301005070.10085@leary.csoft.net
In response to Re: Protection from SQL injection  (Josh Berkus <josh@agliodbs.com>)
List pgsql-hackers

On Tue, 29 Apr 2008, Josh Berkus wrote:

>> Did you guys miss Tom's comment up-thread? Postgres already does this if
>> you use PQExecParams().
>
> Keen.  Now we just need to get the driver developers to implement it.  I
> imagine Java does.
>

The JDBC driver takes a multi-command statement and splits it up to be 
able to use the extended query protocol.  So the JDBC driver is actually
doing the reverse of your suggestion.  For us it was a decision to ease 
the transition from V2 to V3 protocol and not break code that used to 
work.

Kris Jurka
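
Added example, not part of the original message and not the JDBC driver's or the server's code: a simplified model of the behaviour described above, contrasting a client that sends a multi-command string as one extended-protocol statement (rejected) with a driver that splits it first (every command is sent). The function names, the `orders` table and the sample input are hypothetical, and the splitter handles only quoted literals and identifiers, not comments or dollar quoting.

```python
def split_statements(sql):
    """Split on semicolons outside '...' literals and "..." identifiers."""
    parts, buf, quote, i = [], [], None, 0
    while i < len(sql):
        ch = sql[i]
        if quote:
            buf.append(ch)
            if ch == quote:
                if sql[i + 1:i + 2] == quote:   # doubled quote = escaped quote
                    buf.append(quote)
                    i += 1
                else:
                    quote = None
        elif ch in "'\"":
            quote = ch
            buf.append(ch)
        elif ch == ";":
            parts.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf).strip())
    return [p for p in parts if p]


def strict_extended(sql, params=()):
    """Model of one Parse message: a multi-command string is rejected."""
    if len(split_statements(sql)) > 1:
        raise ValueError("multiple commands in one extended-protocol statement")
    return [(sql, tuple(params))]


def splitting_driver(sql):
    """Model of a driver that splits first, then sends one Parse per command."""
    return [(stmt, ()) for stmt in split_statements(sql)]


# Constructed input: a value concatenated into the query text.
user_value = "1; DELETE FROM orders"
CONCATENATED = "SELECT * FROM orders WHERE id = " + user_value
PARAMETERIZED = "SELECT * FROM orders WHERE id = $1"

if __name__ == "__main__":
    print(splitting_driver(CONCATENATED))                # two commands are sent
    print(strict_extended(PARAMETERIZED, [user_value]))  # one command, value bound
    try:
        strict_extended(CONCATENATED)
    except ValueError as exc:
        print("rejected:", exc)
```

With a splitting driver, the single-command check no longer stops a concatenated second command, so binding values as parameters is what keeps the input out of the statement text.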

