to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?

From: Mohamed <mohamed5432154321(at)gmail(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?
Date: 2009-01-07 19:07:44
Message-ID: 861fed220901071107m6cbebf8cl20b0cb3e01648ded@mail.gmail.com
Lists: pgsql-general

Hi, I am wondering whether or not there exists any built-in function for
making sure a query/text input is not harmful, or one that escapes them. If
not, what kind of things should I watch out for?
As of now, I get errors on the quote ( ' ) if it is entered in an input, and
in to_tsquery also on space. What other tokens should I be careful about?
How should I handle these? How do I escape them?

When full-text indexing my text, is there any risk that the text being
indexed could be harmful if it contains certain characters?

/ Moe
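
The two errors described in the message have different causes: a quote breaks the SQL string literal when input is concatenated into the statement, and a space fails because to_tsquery expects operands joined by operators. The following is an added example, not part of the original message; the table and column names (`docs`, `body_tsv`), the `simple` configuration and the psycopg-style `%s` placeholder are assumptions.

```python
import re

# Parameterized statement: the driver sends the search text as a bound value,
# so a quote in the input can never terminate a SQL string literal.
# Hypothetical schema: table "docs" with a tsvector column "body_tsv".
SEARCH_SQL = (
    "SELECT id FROM docs "
    "WHERE body_tsv @@ to_tsquery('simple', %s)"
)
# Alternative with no sanitizing step: plainto_tsquery(%s) takes plain text,
# ignores punctuation and ANDs the words together.

# Keep only runs of letters, digits and underscore. Everything else
# (quotes, backslash, & | ! ( ) : * < >) is tsquery syntax or punctuation.
_WORD = re.compile(r"\w+", re.UNICODE)


def build_tsquery(user_text, prefix_last=False, max_terms=16):
    """Turn free-form user text into a string that to_tsquery() can parse.

    Returns None when nothing searchable remains, so the caller can skip
    the query instead of sending an empty tsquery.
    """
    terms = _WORD.findall(user_text)[:max_terms]  # cap the number of terms
    if not terms:
        return None
    if prefix_last:
        # Prefix match on the last word, e.g. for search-as-you-type.
        terms[-1] += ":*"
    # Spaces are not an operator in to_tsquery; join the operands with AND.
    return " & ".join(terms)


def search_args(user_text):
    """Return (sql, params) ready for cursor.execute(), or None to skip."""
    query = build_tsquery(user_text)
    if query is None:
        return None
    return SEARCH_SQL, (query,)
```
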
