Re: How does one make the following psql statement sql-injection resilient?

From: "David G(dot) Johnston" <david(dot)g(dot)johnston(at)gmail(dot)com>
To: Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
Cc: Andy Colson <andy(at)squeakycode(dot)net>, "pgsql-general(at)postgresql(dot)org" <pgsql-general(at)postgresql(dot)org>
Subject: Re: How does one make the following psql statement sql-injection resilient?
Date: 2015-03-19 19:46:10
Message-ID: CAKFQuwZp=+_yEFkiFZH1WnSBCusyhjzabgCWwoO+wfYh=6UmZA@mail.gmail.com
Lists: pgsql-general

On Thu, Mar 19, 2015 at 12:43 PM, Alvaro Herrera <alvherre(at)2ndquadrant(dot)com>
wrote:

> David G. Johnston wrote:
>
> > Except that server "COPY" only is documented to accept a "query" that
> > begins with either SELECT or VALUES :(
> >
> > I hereby voice my desire for EXECUTE to be usable as well.
>
> Feel free to submit a patch ...

I get your point, though if anyone else wants this before 2017 they
shouldn't count on me.

David J.
