Preventing sql injection

From: Rick Roman <rick(at)cotse(dot)net>
To: pgsql-admin(at)postgresql(dot)org
Subject: Preventing sql injection
Date: 2005-08-10 17:02:05
Message-ID: 42FA330D.7020908@cotse.net
Lists: pgsql-admin

I have a web application that will allow users to submit comments. The
database activity consists of a single insert statement into a comments
table. I want to lock down this operation against SQL injection attacks.
Can someone point me to a discussion of general principles? I've seen
a reference to the V3 extended-query protocol. Where is this invoked? Other
suggestions?
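
For the single comment insert described in the message above, this added example (not part of the original post) builds the V3 extended-query messages by hand to show that the SQL text in Parse stays constant while the user's comment travels separately in Bind as length-prefixed data. The column name `body`, the helper names and the sample input are assumptions made for illustration.

```python
import struct

INSERT_SQL = "INSERT INTO comments (body) VALUES ($1)"  # column "body" is assumed

def cstr(s):
    """Protocol String: UTF-8 bytes plus a NUL terminator."""
    return s.encode("utf-8") + b"\x00"

def frame(kind, payload):
    """Type byte, then Int32 length that counts itself but not the type byte."""
    return kind + struct.pack("!I", len(payload) + 4) + payload

def parse_msg(sql, stmt=""):
    """Parse ('P'): statement name, SQL text, zero pre-declared parameter types."""
    return frame(b"P", cstr(stmt) + cstr(sql) + struct.pack("!H", 0))

def bind_msg(params, stmt="", portal=""):
    """Bind ('B'): each value is length-prefixed data, never parsed as SQL."""
    body = cstr(portal) + cstr(stmt) + struct.pack("!H", 0)  # 0 codes = all text
    body += struct.pack("!H", len(params))
    for p in params:
        if p is None:
            body += struct.pack("!i", -1)                    # length -1 = NULL
        else:
            raw = p.encode("utf-8")
            body += struct.pack("!i", len(raw)) + raw
    return frame(b"B", body + struct.pack("!H", 0))          # default result format

def extended_insert(comment):
    """Parse, Bind, Execute, Sync for one comment insert."""
    execute = frame(b"E", cstr("") + struct.pack("!I", 0))   # unnamed portal, no row limit
    return [parse_msg(INSERT_SQL), bind_msg([comment]), execute, frame(b"S", b"")]

def concatenated_insert(comment):
    """Contrast: simple Query ('Q') with the input pasted into the SQL text."""
    return frame(b"Q", cstr("INSERT INTO comments (body) VALUES ('" + comment + "')"))

if __name__ == "__main__":
    sample = "it's a test'); SELECT 1; --"                   # constructed input
    for msg in extended_insert(sample):
        print(msg[:1], msg[5:])
    print(concatenated_insert(sample)[5:])
```

Client code normally does not build these messages itself; in libpq, for example, `PQexecParams` and `PQprepare`/`PQexecPrepared` send them.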
