Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
- To: "Gurjeet Singh" <singh(dot)gurjeet(at)gmail(dot)com>
- Cc: "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Wed, 30 Apr 2008 13:28:19 -0400
- Message-id: <20390(dot)1209576499(at)sss(dot)pgh(dot)pa(dot)us>
"Gurjeet Singh" <singh(dot)gurjeet(at)gmail(dot)com> writes: > Maybe we can extend the SQL's WITH clause do declare the constant along with > the query, and not separate from the query. > WITH CONSTANT c_jobrole = 'clerk', CONSTANT c_dept = 10 > SELECT * FROM emp WHERE jobrole = c_jobrole and deptno = c_dept; [ scratches head... ] And that will provide SQL injection protection how? Anyway, you hardly need new syntax to do that, I'd expect WITH SELECT 'clerk' AS c_jobrole ... to accomplish it just fine. regards, tom lane
- Follow-Ups:
- Re: Protection from SQL injection
- From: Gurjeet Singh
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: PFC
- Re: Protection from SQL injection
- From: Brendan Jurd
- Re: Protection from SQL injection
- From: PFC
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Tino Wildenhain
- Re: Protection from SQL injection
- From: Andrew Dunstan
- Re: Protection from SQL injection
- From: Tino Wildenhain
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Gurjeet Singh
- Protection from SQL injection
- Prev by Date: Re: Protection from SQL injection
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: