| From: | "David E(dot) Wheeler" <david(at)kineticode(dot)com> |
|---|---|
| To: | Robert Haas <robertmhaas(at)gmail(dot)com> |
| Cc: | Andrew Dunstan <andrew(at)dunslane(dot)net>, marcin mank <marcin(dot)mank(at)gmail(dot)com>, PostgreSQL-development <pgsql-hackers(at)postgresql(dot)org> |
| Subject: | Re: PG 9.0 and standard_conforming_strings |
| Date: | 2010-02-04 17:12:24 |
| Message-ID: | E28A3136-41C1-4641-8B0B-1D966E0D4985@kineticode.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
On Feb 3, 2010, at 6:16 PM, Robert Haas wrote:
>> Any web framework that interpolates user supplied values into SQL rather
>> than using placeholders is broken from the get go, IMNSHO. I'm not saying
>> that there aren't reasons to hold up moving to SCS, but this isn't one of
>> them.
>
> That seems more than slightly harsh. I've certainly come across
> situations where interpolating values (with proper quoting of course)
> made more sense than using placeholders. YMMV, of course.
Not if it leads to Little Bobby Tables's door when, you know, you use SQL conformant strings! Sounds like an app that needs its quoting function fixed.
Best,
David
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Andrew Dunstan | 2010-02-04 17:28:30 | Re: PG 9.0 and standard_conforming_strings |
| Previous Message | Michael Meskes | 2010-02-04 17:03:52 | Re: NaN/Inf fix for ECPG Re: out-of-scope cursor errors |