From: | <operationsengineer1(at)yahoo(dot)com> |
---|---|
To: | Michael Fuhr <mike(at)fuhr(dot)org> |
Cc: | "pgsql-novice(at)postgresql(dot)org" <pgsql-novice(at)postgresql(dot)org> |
Subject: | Re: Bind Variables and Quoting / Dequoting Input |
Date: | 2005-12-13 20:42:02 |
Message-ID: | 20051213204202.18554.qmail@web33306.mail.mud.yahoo.com |
Lists: | pgsql-novice |

--- Michael Fuhr <mike(at)fuhr(dot)org> wrote:

> On Mon, Dec 12, 2005 at 09:08:32AM -0800, operationsengineer1(at)yahoo(dot)com wrote:
> > Mike, thanks. i was getting quotes inside the
> > database "cells", which is why i had to figure out
> > what was going on. the data is inserted correctly
> > now, i just want to make sure the process is also a
> > safe process.
>
> Using placeholders is supposed to be safe -- that's part of the
> rationale for using them -- but you'd have to examine the implementation
> to be sure it doesn't have any vulnerabilities.
>
> I see the following in the ADOdb documentation:
>
>   Currently Oracle, Interbase and ODBC supports variable binding.
>   Interbase/ODBC style ? binding is emulated in databases that
>   do not support binding. Note that you do not have to quote
>   strings if you use binding.
>
> If this documentation is up to date then apparently the PostgreSQL
> driver does emulation. Recent versions of PostgreSQL (7.4 and
> later) support separation of SQL and parameters at the protocol
> layer but you'd have to dig into ADOdb to see if it uses that
> capability.

fyi, john's answer from his forum...

Yes, in adodb 4.68, if you are running php5, native variable binding is used.
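
The two binding modes discussed in this message, as an added example that is not part of the original thread and is not ADOdb's code: a simplified model of emulated `?` binding next to native binding, plus the "quotes inside the cells" effect of quoting by hand and binding as well. Assumptions: Python's `sqlite3` stands in for a driver with native binding, and `quote_literal`, `emulate_bind`, `store` and the `people` table are hypothetical names.

```python
import sqlite3

INSERT = "INSERT INTO people (name) VALUES (?)"

def quote_literal(value):
    """Render a value as a SQL string literal, doubling embedded quotes."""
    return "'" + str(value).replace("'", "''") + "'"

def emulate_bind(sql, params):
    """Emulated binding: splice quoted literals into the SQL text client-side.

    Simplified: assumes no '?' occurs inside literals or comments in `sql`.
    """
    parts = sql.split("?")
    if len(parts) - 1 != len(params):
        raise ValueError("placeholder/parameter count mismatch")
    out = parts[0]
    for value, rest in zip(params, parts[1:]):
        out += quote_literal(value) + rest
    return out

def store(values, native):
    """Insert values and return what the table actually holds afterwards."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE people (name TEXT)")
    for v in values:
        if native:
            # SQL text and value travel separately; the value is never parsed as SQL.
            db.execute(INSERT, (v,))
        else:
            # One string reaches the server; safety rests on quote_literal().
            db.execute(emulate_bind(INSERT, [v]))
    return [row[0] for row in db.execute("SELECT name FROM people ORDER BY rowid")]

if __name__ == "__main__":
    raw = "O'Reilly"                 # constructed sample input
    print(emulate_bind(INSERT, [raw]))
    print(store([raw], native=True), store([raw], native=False))
    # Quoting by hand AND binding stores the quote characters as data.
    print(store([quote_literal(raw)], native=True))
```

With emulation, the quoting routine has to match the server's string-literal rules exactly, which is why the implementation needs examining; with native binding that dependency disappears.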