Home > mailing lists

Re: Data type to use for primary key - Mailing list pgsql-performance

From	Pierre-Frédéric Caillaud
Subject	Re: Data type to use for primary key
Date	November 23, 2004 19:43:40
Msg-id	opshxfh1ibcq72hf@musicbox Whole thread Raw
In response to	Re: Data type to use for primary key ("Peter Darley" <pdarley@kinesis-cem.com>)
List	pgsql-performance

Tree view

> All,
>     Well, you should still escape any strings you're getting from a web
> page so
> you can ensure you're not subject to a SQL insert attack, even if you're
> expecting integers.
> Thanks,
> Peter Darley

    Well, your framework should do this for you :

    "integer" specified in your database object class description
    "%d" appears in in your generated queries (or you put it in your hand
written queries)
    => if the parameter is not an integer, an exception is thrown, then
catched, then an error page is displayed...

    Or, just casting to int should throw an exception...

    Forms should be validated, but hidden parameters in links are OK imho to
display an error page if they are incorrect, after all, if the user edits
the get or post parameters, well...

pgsql-performance by date:

From: Alexandre Leclerc
Date: 23 November 2004, 19:30:12
Subject: Re: Data type to use for primary key

From: "Merlin Moncure"
Date: 23 November 2004, 20:07:06
Subject: Re: [pgsql-hackers-win32] scalability issues on win32

Re: Data type to use for primary key - Mailing list pgsql-performance

Previous

Next