Re: design, plpgsql and sql injection in dynamically generated sql

From: Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it>
To: Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: design, plpgsql and sql injection in dynamically generated sql
Date: 2009-08-18 10:59:29
Message-ID: 20090818125929.42c8046d@dawn.webthatworks.it
Lists: pgsql-general

On Tue, 18 Aug 2009 12:38:49 +0200
Pavel Stehule <pavel(dot)stehule(at)gmail(dot)com> wrote:

> some unsafe function:

I suspected something similar.

I think many would appreciate it if you put these examples here
http://www.okbob.blogspot.com/2008/06/execute-using-feature-in-postgresql-84.html
and substitute the int example there with the text one.

thanks

--
Ivan Sergio Borgonovo
http://www.webthatworks.it
