Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: Joe <dev(at)freedomcircle(dot)net>
- To: Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it>
- Cc: pgsql-sql(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Sun, 27 Apr 2008 11:55:18 -0400
- Message-id: <4814A1E6.1070200@freedomcircle.net> <text/plain>
Ivan Sergio Borgonovo wrote:
It'd be nice to have a wrapper that let you write prepared statements this way: "select a.id, b.name from a join b on a.id=b.id where a.status=$variable1 and b.id>$variable2 etc... but that's a pretty good change to any language parser.
Python already supports something like that. See PEP 249 (http://www.python.org/dev/peps/pep-0249/), under Module Interface, the description of the paramstyle parameter. Psycopg2 supports both the "format" (C printf) and "pyformat" styles. See the last section on this page for an example using the pyformat style: http://www.devx.com/opensource/Article/29071/0/page/3.
Joe
- Follow-Ups:
- Re: Protection from SQL injection
- From: Ivan Sergio Borgonovo
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: Thomas Kellerer
- Re: Protection from SQL injection
- From: Scott Marlowe
- Re: Protection from SQL injection
- From: Tom Lane
- Re: Protection from SQL injection
- From: Scott Marlowe
- Re: Protection from SQL injection
- From: Ivan Sergio Borgonovo
- Re: Protection from SQL injection
- From: Ivan Sergio Borgonovo
- Protection from SQL injection
- Prev by Date: Re: Curious about wide tables.
- Next by Date: Re: Protection from SQL injection
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: