Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

From Florian Weimer
Subject Re: Escaping strings for inclusion into SQL queries
Date
Msg-id tgg0a9y983.fsf@mercury.rus.uni-stuttgart.de
In response to Escaping strings for inclusion into SQL queries  (Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>)
Responses Re: Escaping strings for inclusion into SQL queries
List pgsql-hackers
Florian Weimer <Florian.Weimer@rus.uni-stuttgart.de> writes:

> We therefore suggest that a string escaping function is included in a
> future version of PostgreSQL and libpq.  A sample implementation is
> provided below, along with documentation.

We have now released a description of the problems which occur when a
string escaping function is not used:

http://cert.uni-stuttgart.de/advisories/apache_auth.php

What further steps are required to make the suggested patch part of
the official libpq library?

Thanks,
-- 
Florian Weimer                       Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
