Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Tino Wildenhain <tino(at)wildenhain(dot)de>
- To: Thomas Mueller <thomas(dot)tom(dot)mueller(at)gmail(dot)com>
- Cc: pgsql-hackers(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Tue, 29 Apr 2008 16:35:41 +0200
- Message-id: <4817323D(dot)8070700(at)wildenhain(dot)de>
Hi,
In C the best practice is to use #define for constants. In C++ you have 'const', in Java 'static final'. Unfortunately the 'named constant' concept doesn't exist in SQL. I think that's a mistake. I suggest to support CREATE CONSTANT ... VALUE ... and DROP CONSTANT ..., example: CREATE CONSTANT STATE_ACTIVE VALUE 'active'.
of course you mean: CREATE CONSTANT state_active TEXT VALUE 'active'; ? ;) interesting idea, would that mean PG complaints on queries SELECT state_active FROM sometable ... because state_active is already defined as constant? What about local session variables? Usefull as well... I think this is really a big effort :-) Greets Tino
- Follow-Ups:
- Re: Protection from SQL injection
- From: Andrew Dunstan
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: PFC
- Re: Protection from SQL injection
- From: Brendan Jurd
- Re: Protection from SQL injection
- From: PFC
- Re: Protection from SQL injection
- From: Thomas Mueller
- Protection from SQL injection
- Prev by Date: Re: SRF in SFRM_ValuePerCall mode
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: