Re: Need help with quote escaping in exim for postgresql

From: Florian Weimer <fw(at)deneb(dot)enyo(dot)de>
To: Marc Haber <mh+pgsql-general(at)zugschlus(dot)de>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: Need help with quote escaping in exim for postgresql
Date: 2006-07-09 17:23:13
Message-ID: 87y7v23d6m.fsf@mid.deneb.enyo.de
Lists: pgsql-general

* Martijn van Oosterhout:

> * If application always sends untrusted strings as out-of-line
> parameters, instead of embedding them into SQL commands, it is not
> vulnerable.

This paragraph should explicitly mention PQexecParams (which everybody
should use anyway).

It seems that Exim's architecture prevents the use of PQexecParams,
though.
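
Added example, not part of the original message and not libpq or Exim code: a hand-built Bind message of the PostgreSQL v3 extended query protocol (the protocol PQexecParams uses), showing that an out-of-line parameter travels length-prefixed and unquoted, next to the embedded form where the value becomes part of the SQL text. The query, table and column names and the sample value are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample query: constant SQL text, $1 marks the out-of-line parameter. */
static const char QUERY[] = "SELECT home FROM users WHERE local_part = $1";

/* Write v big-endian in `width` bytes at buf+off; return the new offset. */
static size_t put_be(uint8_t *buf, size_t off, uint32_t v, int width) {
    for (int i = width - 1; i >= 0; i--)
        buf[off++] = (uint8_t)(v >> (8 * i));
    return off;
}

/* Build a Bind ('B') message for the unnamed portal and statement, all
 * parameters in text format. Returns its size, or 0 if buf is too small. */
size_t build_bind(uint8_t *buf, size_t cap, const char *const *vals, int n) {
    size_t need = 1 + 4 + 1 + 1 + 2 + 2 + 2;  /* type, length, 2 names, 3 counts */
    for (int i = 0; i < n; i++)
        need += 4 + strlen(vals[i]);
    if (need > cap) return 0;
    size_t off = 0;
    buf[off++] = 'B';
    off = put_be(buf, off, (uint32_t)(need - 1), 4); /* length excludes type byte */
    buf[off++] = '\0';                               /* portal name "" */
    buf[off++] = '\0';                               /* statement name "" */
    off = put_be(buf, off, 0, 2);                    /* no format codes: all text */
    off = put_be(buf, off, (uint32_t)n, 2);          /* number of parameters */
    for (int i = 0; i < n; i++) {
        size_t len = strlen(vals[i]);
        off = put_be(buf, off, (uint32_t)len, 4);    /* length prefix, no quoting */
        memcpy(buf + off, vals[i], len);
        off += len;
    }
    return put_be(buf, off, 0, 2);                   /* result columns: all text */
}

/* The embedded form: the value is spliced into the SQL text, so the
 * server's lexer decides where the string literal ends. */
int embed_in_sql(char *out, size_t cap, const char *val) {
    return snprintf(out, cap, "SELECT home FROM users WHERE local_part = '%s'", val);
}

int main(void) {
    const char *vals[] = { "o'brien\\" };  /* constructed value: quote and backslash */
    uint8_t msg[128];
    char sql[128];
    size_t n = build_bind(msg, sizeof msg, vals, 1);
    embed_in_sql(sql, sizeof sql, vals[0]);
    printf("Parse text: %s\nBind bytes: %zu\nEmbedded:   %s\n", QUERY, n, sql);
    return 0;
}
```

In the Bind message the quote and backslash are ordinary payload bytes that never reach the SQL lexer; in the embedded string they sit inside the statement text, which is why that form depends on correct escaping.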
