Re: SQL injection in a ~ or LIKE statement

From: "Harald Armin Massa" <haraldarminmassa(at)gmail(dot)com>
To: "Uwe C(dot) Schroeder" <uwe(at)oss4u(dot)com>
Cc: pgsql-general(at)postgresql(dot)org, "Volkan YAZICI" <yazicivo(at)ttnet(dot)net(dot)tr>, hefferon9(at)adelphia(dot)net
Subject: Re: SQL injection in a ~ or LIKE statement
Date: 2006-10-23 05:58:30
Message-ID: 7be3f35d0610222258k54df819r9c47dd9fb4c35267@mail.gmail.com
Lists: pgsql-general

> psycopg2 supports parameters which are escaped properly.
Adding: judging from the mails of Frederico, developer of psycopg2, he was
also in the "early notify circle" of the 8.13->8.14 escaping improvement.
So, if done correctly, the DB API way, all escaping with psycopg2 is fine.

Harald

--
GHUM Harald Massa
persuadere et programmare
Harald Armin Massa
Reinsburgstraße 202b
70197 Stuttgart
0173/9409607
-
Python: the only language with more web frameworks than keywords.

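A worked illustration of the point made above, added here as an example and not code from Harald's message, from the thread, or from the psycopg2 project. It contrasts splicing user text into a LIKE clause with passing it as a DB-API parameter, and then shows the caveat the thread's subject line hints at: parameters stop SQL injection, but LIKE's own metacharacters (`%` and `_`) still arrive intact and need escaping plus an ESCAPE clause if the input is meant literally. To run without a PostgreSQL server it uses the standard-library sqlite3 module as a stand-in DB-API driver (an assumption: psycopg2 takes the same `execute(sql, params)` call shape but uses `%s` placeholders rather than `?`). The `users` table, its rows and the injection payload are constructed for the demo.

```python
import sqlite3

# Constructed sample data for the demo (not from the original thread).
USERS = [
    ("alice", "alice@example.org"),
    ("bob", "bob@example.net"),
    ("carol", "carol@example.org"),
]


def make_db():
    """In-memory sqlite3 database standing in for PostgreSQL (assumption)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def search_vulnerable(conn, fragment):
    """Deliberately unsafe: the caller's text becomes part of the SQL itself."""
    sql = "SELECT name FROM users WHERE name LIKE '%" + fragment + "%'"
    return [row[0] for row in conn.execute(sql)]


def search_parameterized(conn, fragment):
    """DB-API way: the value travels as a parameter, never as SQL text.

    psycopg2 would use a %s placeholder here; sqlite3 uses ?.
    """
    pattern = "%" + fragment + "%"
    rows = conn.execute("SELECT name FROM users WHERE name LIKE ?", (pattern,))
    return [row[0] for row in rows]


def escape_like(fragment, esc="\\"):
    """Neutralise LIKE metacharacters so user input matches literally.

    The escape character itself is doubled first, then % and _ are prefixed.
    Must be paired with an ESCAPE clause naming the same character.
    """
    return (
        fragment.replace(esc, esc + esc)
        .replace("%", esc + "%")
        .replace("_", esc + "_")
    )


def search_parameterized_escaped(conn, fragment):
    """Parameter passing plus wildcard escaping: safe and literal."""
    pattern = "%" + escape_like(fragment) + "%"
    rows = conn.execute(
        "SELECT name FROM users WHERE name LIKE ? ESCAPE '\\'", (pattern,)
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "zzz%' OR 1=1 --"          # constructed injection attempt
    print("vulnerable   :", search_vulnerable(db, payload))        # every row
    print("parameterized:", search_parameterized(db, payload))     # no rows
    print("bare %       :", search_parameterized(db, "%"))         # every row
    print("escaped %    :", search_parameterized_escaped(db, "%")) # no rows
    print("escaped a    :", search_parameterized_escaped(db, "a")) # alice, carol
```

The same split applies to a regex match with `~`: pass the pattern as a parameter so it can never alter the statement, and if the user's text is meant literally, escape the regex metacharacters of PostgreSQL's own regex dialect before building the pattern, since parameter quoting knows nothing about what the pattern means to the matcher.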