Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Gregory Stark <stark(at)enterprisedb(dot)com>
- To: <josh(at)agliodbs(dot)com>
- Cc: <pgsql-hackers(at)postgresql(dot)org>, "Andrew Sullivan" <ajs(at)commandprompt(dot)com>
- Subject: Re: Protection from SQL injection
- Date: Tue, 29 Apr 2008 21:02:30 -0400
- Message-id: <87zlrcf93t(dot)fsf(at)oxford(dot)xeocode(dot)com>
"Josh Berkus" <josh(at)agliodbs(dot)com> writes: >> (I sort of like the >> suggestion up-thread, myself, which is to have a GUC that disables >> multi-statement commands. That'd probably cover a huge number of >> cases, and combined with some sensible quoting rules in client >> libraries, would quite possibly be enough.) > > MySQL did this already. Did you guys miss Tom's comment up-thread? Postgres already does this if you use PQExecParams(). -- Gregory Stark EnterpriseDB http://www.enterprisedb.com Ask me about EnterpriseDB's Slony Replication support!
- Follow-Ups:
- Re: Protection from SQL injection
- From: Andrew Sullivan
- Re: Protection from SQL injection
- From: Josh Berkus
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Andrew Sullivan
- Re: Protection from SQL injection
- From: Andrew Sullivan
- Re: Protection from SQL injection
- From: Josh Berkus
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: