Re: design, plpgsql and sql injection in dynamically generated sql

From: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
To: Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: design, plpgsql and sql injection in dynamically generated sql
Date: 2009-08-18 12:54:57
Message-ID: 162867790908180554v6d291b5dv7f5dc4f995b2cdc6@mail.gmail.com
Lists: pgsql-general

2009/8/18 Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it>:
> On Tue, 18 Aug 2009 12:38:49 +0200
> Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> wrote:
>
>> some unsafe function:
>
> I suspected something similar.
>
> I think many would appreciate if you put these examples here
> http://www.okbob.blogspot.com/2008/06/execute-using-feature-in-postgresql-84.html
> and substitute the int example there with the text one.

actualized
http://okbob.blogspot.com/2008/06/execute-using-feature-in-postgresql-84.html

regards
Pavel

>
> thanks
>
> --
> Ivan Sergio Borgonovo
> http://www.webthatworks.it
>
>
