Re: Correct escaping of untrusted data - Mailing list pgsql-general

From Pierre-Frédéric Caillaud
Subject Re: Correct escaping of untrusted data
Date
Msg-id opscauw2hocq72hf@musicbox
In response to Re: Correct escaping of untrusted data  (Lincoln Yeoh <lyeoh@pop.jaring.my>)
List pgsql-general

> Is the 7.4.x multibyte support bombproof? How would we avoid problems
> like this:
>
> http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&c2coff=1&safe=off&edition=us&selm=20020502171830J.t-ishii%40sra.co.jp

    Well, maybe using UTF-8 encoding would fix this?

> update tablea set data=3-? where a=1;

    Add parentheses:

> update tablea set data=3-(?) where a=1;

    Or do it in your program... but you can't do this if you have a db field
or function instead of the 3.
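
Added example, not part of the original message: when a driver substitutes the placeholder as text, a negative value turns `3-?` into `3--1`, and `--` starts an SQL comment that swallows the `where` clause. The sketch below compares the quoted statement, the parenthesized form, and a bound parameter. It assumes SQLite (Python's built-in `sqlite3`) as a stand-in for PostgreSQL, since both treat `--` as a comment; `naive_interpolate` and `run` are hypothetical helper names.

```python
import sqlite3

# The two statements quoted in the message above.
UNSAFE = "update tablea set data=3-? where a=1"
PARENS = "update tablea set data=3-(?) where a=1"


def naive_interpolate(sql, value):
    """Replace the first '?' with the value's text form (the risky pattern)."""
    return sql.replace("?", str(value), 1)


def run(template, value, bind=False):
    """Apply the UPDATE to a fresh two-row table and return the rows afterwards."""
    db = sqlite3.connect(":memory:")
    db.execute("create table tablea (a integer, data integer)")
    # Constructed sample data: two rows, both starting with data = 0.
    db.executemany("insert into tablea values (?, ?)", [(1, 0), (2, 0)])
    if bind:
        # The value travels separately from the SQL text as a bound parameter.
        db.execute(template, (value,))
    else:
        # The value is pasted into the SQL text before it reaches the parser.
        db.execute(naive_interpolate(template, value))
    rows = db.execute("select a, data from tablea order by a").fetchall()
    db.close()
    return rows


if __name__ == "__main__":
    for label, template, bind in [
        ("text substitution, no parentheses", UNSAFE, False),
        ("text substitution, parentheses", PARENS, False),
        ("bound parameter, no parentheses", UNSAFE, True),
    ]:
        print(label)
        if not bind:
            print("  sent as:", naive_interpolate(template, -1))
        print("  rows   :", run(template, -1, bind))
```

With the value -1, the first case updates every row because the `where a=1` filter sits inside the comment; the other two change only the row with `a=1`.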


