| From: | Scott Marlowe <scott(dot)marlowe(at)gmail(dot)com> |
|---|---|
| To: | RebeccaJ <rebeccaj(at)gmail(dot)com> |
| Cc: | pgsql-general(at)postgresql(dot)org |
| Subject: | Re: text column constraint, newbie question |
| Date: | 2009-03-22 08:19:42 |
| Message-ID: | dcc563d10903220119x54d52e46tb37afdfec28dd0bd@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-general |
On Sat, Mar 21, 2009 at 11:13 PM, RebeccaJ <rebeccaj(at)gmail(dot)com> wrote:
> Hi,
>
> I'm new to both PostgreSQL and web-based application development; I
> read the FAQ at postgresql.org (perhaps this discussion group has
> another FAQ that I haven't found yet?) and didn't see this addressed.
>
> I'm creating a table with a column of type text, to be used in a php
> web application, where I'll be accepting user input for that text
> field. Are there characters, maybe non-printing characters, or perhaps
> even whole phrases, that could cause problems in my database or
> application if I were to allow users to enter them into that column?
>
> If so, does anyone happen to have a regular expression handy that you
> think is a good choice for text columns' CHECK constraint? Or maybe a
> link to a discussion of this topic?
Nope, there's nothing you can put into a text to break pgsql.
However, if you are using regular old queries, you'd be advised to use
pg_escape_string() function in php to prevent SQL injection attacks.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Craig Ringer | 2009-03-22 08:39:30 | Re: (odbc) multiple step ole db generated error - date/timestamp column |
| Previous Message | RebeccaJ | 2009-03-22 05:13:52 | text column constraint, newbie question |