Quick Links

Community
Contributors
Mailing Lists
IRC
Local User Groups
Events
International Sites

Re: Sql injection attacks

From:	Mage <mage(at)mage(dot)hu>
To:	pgsql-general(at)postgresql(dot)org
Subject:	Re: Sql injection attacks
Date:	2004-07-26 06:08:35
Message-ID:	41049FE3.1070600@mage.hu
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-general

Bill Moran wrote:

>
>
>Simply put:
>1) If the untrusted value is a string, using a proper escape sequence
should
> make it safe.
>
>
in pgsql (and mysql) you can escape almost everything.

update table set a = '5' is corrent, even is column a is integer type.
You can't escape the null value.

Mage

In response to

Re: Sql injection attacks at 2004-07-26 01:11:33 from Bill Moran

Responses

Re: Sql injection attacks at 2004-07-26 11:22:13 from Matthew D. Fuller

Browse pgsql-general by date

	From	Date	Subject
Next Message	Magnus Hagander	2004-07-26 08:39:58	Re: Sql injection attacks
Previous Message	Greg Stark	2004-07-26 05:57:37	Re: Sql injection attacks