Re: text column constraint, newbie question - Mailing list pgsql-general

From Scott Marlowe
Subject Re: text column constraint, newbie question
Msg-id dcc563d10903230007i547d57d1y8057c6f11751af41@mail.gmail.com
In response to Re: text column constraint, newbie question  (Stephen Cook <sclists@gmail.com>)
List pgsql-general
On Mon, Mar 23, 2009 at 12:59 AM, Stephen Cook <sclists@gmail.com> wrote:
> You should use pg_query_params() rather than build a SQL statement in your
> code, to prevent SQL injection attacks. Also, if you are going to read this
> data back out and show it on a web page you probably should make sure there
> is no rogue HTML or JavaScript or anything in there with htmlentities() or
> somesuch.

Are you saying pg_query_params is MORE effective than pg_escape_string
at deflecting SQL injection attacks?
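The distinction behind the two approaches in this thread, as an added example that is not part of any message here and not PHP or PostgreSQL code: a bound parameter never touches the statement text, so there is no quoting step that could be skipped or done wrong, whereas a value spliced into the SQL string is parsed as part of the statement. The example uses Python's sqlite3 module and html.escape() as offline stand-ins for pg_query_params() and htmlentities(); the table, rows and author values are constructed for the demonstration.

```python
import html
import sqlite3

# Constructed rows standing in for the text column discussed in the thread.
SAMPLE_ROWS = [
    ("alice", "hello"),
    ("bob", "O'Brien says hi"),
    ("carol", "<script>alert(1)</script>"),
]


def make_db():
    """Build a throwaway in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes (author TEXT, body TEXT)")
    conn.executemany("INSERT INTO notes VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def find_by_author_concat(conn, author):
    """Vulnerable form: the value is spliced into the SQL text, so a quote
    character inside it changes the statement itself. Kept only to contrast
    with the parameterized form below."""
    sql = "SELECT author, body FROM notes WHERE author = '" + author + "'"
    return conn.execute(sql).fetchall()


def find_by_author_params(conn, author):
    """Safe form: the statement text is fixed and the value is bound as a
    parameter, the same separation pg_query_params() provides in PHP."""
    sql = "SELECT author, body FROM notes WHERE author = ?"
    return conn.execute(sql, (author,)).fetchall()


def render_body(body):
    """Escape a stored value before it is placed in an HTML page
    (stand-in for PHP's htmlentities())."""
    return "<p>" + html.escape(body, quote=True) + "</p>"


def compare(author):
    """Run both query styles against a fresh database for one author value.

    Returns (concat_rows, param_rows, rendered): the rows from the string-built
    query (None if that query was no longer valid SQL), the rows from the
    parameterized query, and the escaped HTML for each body the safe query
    returned.
    """
    conn = make_db()
    try:
        concat_rows = find_by_author_concat(conn, author)
    except sqlite3.Error:
        # A plain apostrophe in the value is enough to break the built statement.
        concat_rows = None
    param_rows = find_by_author_params(conn, author)
    rendered = [render_body(body) for _, body in param_rows]
    conn.close()
    return concat_rows, param_rows, rendered


if __name__ == "__main__":
    for value in ("carol", "O'Brien", "carol' OR 'a'='a"):
        concat_rows, param_rows, rendered = compare(value)
        print(repr(value))
        print("  string-built query:", concat_rows)
        print("  parameterized query:", param_rows)
        print("  escaped for HTML:", rendered)
```

Running it shows the three cases side by side: a plain author name gives identical results from both queries; a value containing an apostrophe makes the string-built statement invalid while the parameterized one simply matches nothing; and a value containing a quote and an OR clause turns the string-built statement into one that returns every row, while the parameterized query still treats the whole value as a single literal. The escaped rendering is what should reach the browser when the stored text is shown again.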
