| From: | "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com> |
|---|---|
| To: | Alvaro Herrera <alvherre(at)2ndquadrant(dot)com> |
| Cc: | Andy Colson <andy(at)squeakycode(dot)net>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org> |
| Subject: | Re: How does one make the following psql statement sql-injection resilient? |
| Date: | 2015-03-19 20:21:41 |
| Message-ID: | CAKFQuwYkryOa9YbNcRhecBW-NekwOoq4V0haGpYR6m5MS9qxDQ@mail.gmail.com |
| Views: | Whole Thread | Raw Message | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Thu, Mar 19, 2015 at 12:46 PM, David G. Johnston <
david(dot)g(dot)johnston(at)gmail(dot)com> wrote:
> On Thu, Mar 19, 2015 at 12:43 PM, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com
> > wrote:
>
>> David G. Johnston wrote:
>>
>> > Except that server "COPY" only is documented to accept a "query" that
>> > begins with either SELECT or VALUES :(
>> >
>> > I hereby voice my desire for EXECUTE to be usable as well.
>>
>> Feel free to submit a patch ...
>
>
> I get your point though if anyone else wants this before 2017 they
> shouldn't count on me.
>
While I lack in C language skills I do possess wiki editing skills...ToDo
item added.
David J.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Matija Lesar | 2015-03-20 06:37:32 | Unexpected array_remove results |
| Previous Message | Jason Dusek | 2015-03-19 19:51:34 | Re: regclass and format('%I') |