Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Kris Jurka <books(at)ejurka(dot)com>
- To: Josh Berkus <josh(at)agliodbs(dot)com>
- Cc: pgsql-hackers(at)postgresql(dot)org, Gregory Stark <stark(at)enterprisedb(dot)com>, Andrew Sullivan <ajs(at)commandprompt(dot)com>
- Subject: Re: Protection from SQL injection
- Date: Wed, 30 Apr 2008 10:08:25 -0400 (EDT)
- Message-id: <Pine(dot)BSO(dot)4(dot)64(dot)0804301005070(dot)10085(at)leary(dot)csoft(dot)net>
On Tue, 29 Apr 2008, Josh Berkus wrote:
Did you guys miss Tom's comment up-thread? Postgres already does this if you use PQExecParams().Keen. Now we just need to get the driver developers to implement it. I imagine Java does.
The JDBC driver takes a multi-command statement and splits it up to be able to use the extended query protocol. So the JDBC driver is actually doing the reverse of your suggestion. For us it was a decision to ease the transition from V2 to V3 protocol and not break code that used to work.
Kris Jurka
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Josh Berkus
- Re: Protection from SQL injection
- From: Gregory Stark
- Re: Protection from SQL injection
- From: Josh Berkus
- Protection from SQL injection
- Prev by Date: Re: Column storage positions
- Next by Date: Re: Proposed patch - psql wraps at window width
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: