Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?

From: Mohamed <mohamed5432154321(at)gmail(dot)com>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: to_tsquery, plainto_... avoiding bad input, injections. Is there a builtin function for this ? Escaping?
Date: 2009-01-08 08:52:29
Message-ID: 861fed220901080052k5880f1fbkb440a54f7b3761c0@mail.gmail.com
Lists: pgsql-general

..... anyone?

On Wed, Jan 7, 2009 at 8:07 PM, Mohamed <mohamed5432154321(at)gmail(dot)com> wrote:

> Hi, I am wondering whether or not there exists any built-in function for
> making sure a query/text input is not harmful or one that escapes them. If
> not, what kind of things should I watch out for?
> As of now, I get errors on the quote ( ' ) if it is entered in an input and
> in to_tsquery also on space. What other tokens should I be careful about?
> How should I handle these? How do I escape them?
>
> When fulltext indexing my text, is there any risk that the text being
> indexed could be harmful if it contains certain characters?
>
> / Moe
>
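
The two errors described in the question (a quote in the input, a space passed to to_tsquery) can be seen side by side in the sketch below, which is an added example and not part of the original message. It passes the search text as a bound parameter and contrasts plainto_tsquery with to_tsquery. The table `docs`, the prepared-statement names and the sample rows are hypothetical, and it assumes the quote error comes from search text being placed directly into the SQL string.

```sql
-- Constructed sample data; table and statement names are hypothetical.
CREATE TEMP TABLE docs (id serial PRIMARY KEY, body text);
INSERT INTO docs (body) VALUES
  ('Moe''s notes on full text search'),
  ('fat cats and rats');

-- The search text is a bound parameter ($1): it is passed as a value and
-- is never parsed as part of the SQL statement, so a quote in it cannot
-- end a string literal or change the statement.
-- plainto_tsquery treats $1 as plain text: the words are normalized and
-- ANDed together, and tsquery operators in the input are not interpreted.
PREPARE search_plain(text) AS
  SELECT id, body
  FROM docs
  WHERE to_tsvector('english', body) @@ plainto_tsquery('english', $1);

-- In an application the database driver supplies $1. The literals below
-- stand in for user input; the doubled quote is only how a quote is
-- written inside a SQL literal in this script.
EXECUTE search_plain('Moe''s notes');
EXECUTE search_plain('fat rats');

-- to_tsquery expects tsquery syntax, with an operator (&, |, !) between
-- terms. Binding the parameter still protects the SQL statement, but the
-- value itself has to be a well-formed tsquery.
PREPARE search_ops(text) AS
  SELECT id, body
  FROM docs
  WHERE to_tsvector('english', body) @@ to_tsquery('english', $1);

EXECUTE search_ops('fat & rats');  -- well-formed tsquery
EXECUTE search_ops('fat rats');    -- rejected: syntax error in tsquery

-- Indexing side: to_tsvector only tokenizes its argument into lexemes;
-- the indexed text is handled as data, provided it also reaches the
-- statement as a bound parameter.
PREPARE add_doc(text) AS INSERT INTO docs (body) VALUES ($1);
EXECUTE add_doc('text with '' quotes & | ! operators');
```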
