| From: | Florian Weimer <Florian(dot)Weimer(at)RUS(dot)Uni-Stuttgart(dot)DE> |
|---|---|
| To: | pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Escaping strings for inclusion into SQL queries |
| Date: | 2001-08-31 00:37:26 |
| Message-ID: | tgsne9uks9.fsf@mercury.rus.uni-stuttgart.de |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
"Mitch Vincent" <mvincent(at)cablespeed(dot)com> writes:
> Perhaps I'm not thinking correctly but isn't it the job of the application
> that's using the libpq library to escape special characters?
Yes, it is.
> I guess I don't see a down side though, if it's implemented
> correctly to check and see if characters are already escaped before
> escaping them (else major breakage of existing application would
> occur)..
You can't do this automatically because the strings needing escaping
are not marked in any way at the moment.
--
Florian Weimer Florian(dot)Weimer(at)RUS(dot)Uni-Stuttgart(dot)DE
University of Stuttgart http://cert.uni-stuttgart.de/
RUS-CERT +49-711-685-5973/fax +49-711-685-5898
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Christopher Kings-Lynne | 2001-08-31 01:14:21 | Re: Multiple semicolon separated statements and autocommit |
| Previous Message | Alex Pilosov | 2001-08-30 23:32:58 | Re: Escaping strings for inclusion into SQL queries |