| From: | Reg Me Please <regmeplease(at)gmail(dot)com> |
|---|---|
| To: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping? |
| Date: | 2009-01-08 09:20:33 |
| Message-ID: | 200901081020.34666.regmeplease@gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
Maybe I'm missing the point, but have read about quote_ident() and
quote_literal() at chapter 9.4 "String Functions and Operators"?
BR
--
Fahrbahn ist ein graues Band
weisse Streifen, grüner Rand
On Thursday 08 January 2009 09:52:29 Mohamed wrote:
> ..... any one?
>
> On Wed, Jan 7, 2009 at 8:07 PM, Mohamed <mohamed5432154321(at)gmail(dot)com> wrote:
> > Hi, I am wondering whether or not there exists any built in function for
> > making sure a query/textinput is not harmful or one that escapes them. If
> > not, what kind of things should I watch out for ?
> > As of now, I get errors on the quote ( ' ) if it is entered in an input
> > and in to_tsquery also on space. What other tokens should I be careful
> > about? How should I handle these ? How do I escape them ?
> >
> > When fulltext indexing my text, is there any risk that the text being
> > indexed could be harmful if it contains certain characters ?
> >
> > / Moe
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Yogvinder Singh | 2009-01-08 09:58:02 | Re: RCA for MemoryContextAlloc: invalid request size(Known Issue) |
| Previous Message | Mohamed | 2009-01-08 08:52:29 | Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping? |