Re: Escaping strings for inclusion into SQL queries
От | Mitch Vincent |
---|---|
Тема | Re: Escaping strings for inclusion into SQL queries |
Дата | |
Msg-id | 001501c131a8$8f567800$1e51000a@mitch обсуждение исходный текст |
Ответ на | Re: Escaping strings for inclusion into SQL queries (Bruce Momjian <pgman@candle.pha.pa.us>) |
Ответы |
Re: Escaping strings for inclusion into SQL queries
Re: Escaping strings for inclusion into SQL queries |
Список | pgsql-hackers |
Perhaps I'm not thinking correctly but isn't it the job of the application that's using the libpq library to escape special characters? I guess I don't see a down side though, if it's implemented correctly to check and see if characters are already escaped before escaping them (else major breakage of existing application would occur).. I didn't see the patch but I assume that someone took a look to make sure before applying it. -Mitch ----- Original Message ----- From: "Bruce Momjian" <pgman@candle.pha.pa.us> To: "Florian Weimer" <Florian.Weimer@rus.uni-stuttgart.de> Cc: <pgsql-hackers@postgresql.org> Sent: Thursday, August 30, 2001 6:43 PM Subject: Re: [HACKERS] Escaping strings for inclusion into SQL queries > > Florian Weimer <Florian.Weimer@rus.uni-stuttgart.de> writes: > > > > > We therefore suggest that a string escaping function is included in a > > > future version of PostgreSQL and libpq. A sample implementation is > > > provided below, along with documentation. > > > > We have now released a description of the problems which occur when a > > string escaping function is not used: > > > > http://cert.uni-stuttgart.de/advisories/apache_auth.php > > > > What further steps are required to make the suggested patch part of > > the official libpq library? > > Will be applied soon. I was waiting for comments before adding it to > the patch queue.
В списке pgsql-hackers по дате отправления: