On Sun, 31 Aug 2003, joe user wrote:
> >From looking at some logs, it looks like there might
> be an SQL injection bug with null-terminated strings.
> Is this a known problem? If it is not, I will try to
> write a test program to trigger it.
>
This has been fixed in the development version of the driver.
See the following, check revision 1.29
http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
Kris Jurka