escaping literals (in libpq)

From: Volkan YAZICI <yazicivo(at)ttnet(dot)net(dot)tr>
To: pgsql-interfaces(at)postgresql(dot)org
Subject: escaping literals (in libpq)
Date: 2005-04-03 00:27:47
Message-ID: 20050403002747.GA1158@alamut
Lists: pgsql-interfaces

Hi,

By using PQescapeString() and PQescapeBytea() we can protect SQL
commands from SQL injection. I just wonder if it's necessary to
use these escape functions when using PQexecParams() or
PQsendQueryParams(), or do these execParam functions not need
literals to be escaped?

# End of file
