Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Tino Wildenhain <tino(at)wildenhain(dot)de>
- To: Andrew Dunstan <andrew(at)dunslane(dot)net>
- Cc: Thomas Mueller <thomas(dot)tom(dot)mueller(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Wed, 30 Apr 2008 16:47:56 +0200
- Message-id: <4818869C(dot)8010508(at)wildenhain(dot)de>
Andrew Dunstan wrote:
Tino Wildenhain wrote:Hi,In C the best practice is to use #define for constants. In C++ you have 'const', in Java 'static final'. Unfortunately the 'named constant' concept doesn't exist in SQL. I think that's a mistake. I suggest to support CREATE CONSTANT ... VALUE ... and DROP CONSTANT ..., example: CREATE CONSTANT STATE_ACTIVE VALUE 'active'.of course you mean: CREATE CONSTANT state_active TEXT VALUE 'active'; ? ;)Why does he mean that? Manifest constants are not typed in plenty of languages.
Well but in this case we want them to prevent easy sql injection and therefore arbitrary macro expansion like in those "plenty of languages" does not seem like a good idea to me. Cheers Tino
- Follow-Ups:
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: PFC
- Re: Protection from SQL injection
- From: Brendan Jurd
- Re: Protection from SQL injection
- From: PFC
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Tino Wildenhain
- Re: Protection from SQL injection
- From: Andrew Dunstan
- Protection from SQL injection
- Prev by Date: Re: Proposed patch - psql wraps at window width
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: