Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

From Florian Weimer
Subject Re: Escaping strings for inclusion into SQL queries
Date
Msg-id tgsne9uks9.fsf@mercury.rus.uni-stuttgart.de
In response to Re: Escaping strings for inclusion into SQL queries  ("Mitch Vincent" <mvincent@cablespeed.com>)
List pgsql-hackers
"Mitch Vincent" <mvincent@cablespeed.com> writes:

> Perhaps I'm not thinking correctly but isn't it the job of the application
> that's using the libpq library to escape special characters?

Yes, it is.

> I guess I don't see a down side though, if it's implemented
> correctly to check and see if characters are already escaped before
> escaping them (else major breakage of existing application would
> occur)..

You can't do this automatically because the strings needing escaping
are not marked in any way at the moment.

-- 
Florian Weimer                       Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898
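
The ambiguity described in the reply above, shown as an added example that is not part of the original message and is not libpq code. The function names are hypothetical, and the sketch assumes string literals escaped by quote doubling only (no backslash escapes): a "check whether it is already escaped" routine cannot tell raw data containing `''` from an escaped `'`, so the server ends up storing a different value than the application held.

```c
#include <string.h>

/* Hypothetical helper, not libpq: unconditional escaping, doubles every
 * single quote. dst must hold 2*strlen(src)+1 bytes. */
void escape_literal(char *dst, const char *src)
{
    size_t n = 0;
    for (; *src; src++) {
        if (*src == '\'')
            dst[n++] = '\'';
        dst[n++] = *src;
    }
    dst[n] = '\0';
}

/* Hypothetical "check first" escaping: a quote pair is guessed to be
 * already escaped and is copied through unchanged. */
void escape_if_needed(char *dst, const char *src)
{
    size_t n = 0;
    for (; *src; src++) {
        if (src[0] == '\'' && src[1] == '\'')
            dst[n++] = *src++;          /* copy the pair untouched */
        else if (*src == '\'')
            dst[n++] = '\'';            /* lone quote: double it */
        dst[n++] = *src;
    }
    dst[n] = '\0';
}

/* What the SQL parser recovers from the literal body: '' becomes '. */
void unescape_literal(char *dst, const char *src)
{
    size_t n = 0;
    for (; *src; src++) {
        dst[n++] = *src;
        if (src[0] == '\'' && src[1] == '\'')
            src++;
    }
    dst[n] = '\0';
}

/* 1 if the value the server stores equals the value the application had. */
int round_trips(void (*esc)(char *, const char *), const char *value)
{
    char lit[256], back[256];           /* constructed sample values are short */
    esc(lit, value);
    unescape_literal(back, lit);
    return strcmp(back, value) == 0;
}
```

With the constructed raw value `it''s` (a user who really typed two apostrophes), unconditional escaping round-trips, while the guessing variant stores `it's`.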

