Re: Avoiding SQL injection in Dynamic Queries (in plpgsql)

From: Craig Ringer <craig(at)postnewspapers(dot)com(dot)au>
To: Allan Kamau <kamauallan(at)gmail(dot)com>
Cc: Postgres General Postgres General <pgsql-general(at)postgresql(dot)org>
Subject: Re: Avoiding SQL injection in Dynamic Queries (in plpgsql)
Date: 2010-03-17 08:41:15
Message-ID: 4BA095AB.9050902@postnewspapers.com.au
Lists: pgsql-general

Allan Kamau wrote:
> When writing dynamic commands (those having "EXECUTE 'some SQL
> query';), is there a way to prevent interpretation of input parameters
> as pieces of SQL commands?

EXECUTE ... USING

--
Craig Ringer
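
The following is an added example, not part of the message above or of the thread. It puts a concatenated dynamic query beside the same query written with EXECUTE ... USING. The table `accounts`, its rows, and both function names are constructed for illustration. USING binds data values only, so the table name in the second function goes through `quote_ident()`, an assumption about how a caller-supplied identifier would be handled.

```sql
-- Constructed demo table and rows (not from the thread).
CREATE TABLE accounts (id serial PRIMARY KEY, owner text, balance numeric);
INSERT INTO accounts (owner, balance) VALUES ('alice', 10), ('bob', 20);

-- Before: the parameter is concatenated into the command string, so any
-- quote character inside p_owner ends the literal and the rest of the
-- value is parsed as SQL.
CREATE OR REPLACE FUNCTION count_by_owner_unsafe(p_owner text)
RETURNS bigint AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM accounts WHERE owner = '''
         || p_owner || ''''
        INTO n;
    RETURN n;
END;
$$ LANGUAGE plpgsql;

-- After: the command string contains only the placeholder $1, and the
-- value is supplied separately with USING. It is bound as data and is
-- never parsed as part of the command.
CREATE OR REPLACE FUNCTION count_by_owner(p_table text, p_owner text)
RETURNS bigint AS $$
DECLARE
    n bigint;
BEGIN
    -- Identifiers cannot be passed through USING; quote_ident() quotes
    -- the name as a single identifier (no schema qualification here).
    EXECUTE 'SELECT count(*) FROM ' || quote_ident(p_table)
         || ' WHERE owner = $1'
        INTO n
        USING p_owner;
    RETURN n;
END;
$$ LANGUAGE plpgsql;

-- Ordinary input: both functions run the same query.
SELECT count_by_owner_unsafe('alice');
SELECT count_by_owner('accounts', 'alice');

-- Constructed input containing a quote: the first call changes the
-- WHERE clause, the second compares owner against the whole string.
SELECT count_by_owner_unsafe('x'' OR ''1''=''1');
SELECT count_by_owner('accounts', 'x'' OR ''1''=''1');
```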
