| From: | "Dave Page" <dpage(at)vale-housing(dot)co(dot)uk> |
|---|---|
| To: | "Christopher Kings-Lynne" <chris(dot)kings-lynne(at)calorieking(dot)com>, "Tom Lane" <tgl(at)sss(dot)pgh(dot)pa(dot)us> |
| Cc: | "Hackers" <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PQescapeIdentifier |
| Date: | 2006-05-31 07:28:47 |
| Message-ID: | E7F85A1B5FF8D44C8A1AF6885BC9A0E4013885A1@ratbert.vale-housing.co.uk |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
> -----Original Message-----
> From: pgsql-hackers-owner(at)postgresql(dot)org
> [mailto:pgsql-hackers-owner(at)postgresql(dot)org] On Behalf Of
> Christopher Kings-Lynne
> Sent: 31 May 2006 04:16
> To: Tom Lane
> Cc: Hackers
> Subject: Re: [HACKERS] PQescapeIdentifier
>
> > Christopher Kings-Lynne <chris(dot)kings-lynne(at)calorieking(dot)com> writes:
> >> Here's a question. I wish to add a function to libpq to escape
> >> PostgreSQL identifiers. Will this function be subject to the same
> >> security/encoding issues as PQescapeString?
> >
> > Is this of any general-purpose use? How many apps are
> really prepared
> > to let an untrusted user dictate which columns are
> selected/compared?
>
> phpPgAdmin has use for it, I assume pgAdmin would as well.
Yes, it would.
Regards, Dave.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Magnus Hagander | 2006-05-31 08:06:48 | Re: [PATCHES] Magic block for modules |
| Previous Message | Martijn van Oosterhout | 2006-05-31 07:22:20 | Re: plperl's ppport.h out of date? |