BUG #13753: Docs for plpy.execute() miss info about quoting

From guettliml@thomas-guettler.de
Subject BUG #13753: Docs for plpy.execute() miss info about quoting
Date
Msg-id 20151103132244.2762.96085@wrigleys.postgresql.org
Responses Re: BUG #13753: Docs for plpy.execute() miss info about quoting
List pgsql-bugs
The following bug has been logged on the website:

Bug reference:      13753
Logged by:          Thomas Güttler
Email address:      guettliml@thomas-guettler.de
PostgreSQL version: 9.4.5
Operating system:   Linux
Description:

This page misses important information:

http://www.postgresql.org/docs/9.4/static/plpython-database.html

How to quote the arguments?

The relevant information is here:
http://www.postgresql.org/docs/9.4/static/plpython-util.html

Please include a link from the execute() docs to the quoting docs.

I was trapped by a bug made by a teammate who did no quoting.

Not quoting the values of a SQL query can lead to SQL injections, which are a
big security concern.

Please add a note to the docs.

Thank you.
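
Added example (not part of the original report or of the PostgreSQL documentation): the unquoted `plpy.execute()` call the report warns about, next to the quoted form using `plpy.quote_literal()` from the utility-functions page and a prepared plan using `plpy.prepare()`. The `accounts` table and the `count_*` function names are hypothetical, and the `plpythonu` language is assumed to be installed.

```sql
-- Added example; table, rows and function names are constructed for illustration.
-- Assumes: CREATE EXTENSION plpythonu; has been run in this database.
CREATE TABLE accounts (id serial PRIMARY KEY, owner text NOT NULL);
INSERT INTO accounts (owner) VALUES ('alice'), ('O''Brien');

-- Unsafe: the argument is pasted into the SQL text, so a quote character
-- in "name" ends the string literal and the remainder is parsed as SQL.
CREATE FUNCTION count_unquoted(name text) RETURNS bigint AS $$
    rows = plpy.execute(
        "SELECT count(*) AS n FROM accounts WHERE owner = '%s'" % name)
    return rows[0]["n"]
$$ LANGUAGE plpythonu STRICT;

-- Quoted: plpy.quote_literal() returns the value as a SQL string literal
-- with embedded quotes escaped. Use plpy.quote_nullable() if the value
-- may be None (these functions are STRICT, so it cannot be here).
CREATE FUNCTION count_quoted(name text) RETURNS bigint AS $$
    rows = plpy.execute(
        "SELECT count(*) AS n FROM accounts WHERE owner = %s"
        % plpy.quote_literal(name))
    return rows[0]["n"]
$$ LANGUAGE plpythonu STRICT;

-- Prepared plan: the value is bound as a parameter and never becomes
-- part of the SQL text, so no quoting is needed at all.
CREATE FUNCTION count_prepared(name text) RETURNS bigint AS $$
    plan = plpy.prepare(
        "SELECT count(*) AS n FROM accounts WHERE owner = $1", ["text"])
    rows = plpy.execute(plan, [name])
    return rows[0]["n"]
$$ LANGUAGE plpythonu STRICT;

-- Identifiers cannot be bound as parameters; quote them with plpy.quote_ident().
CREATE FUNCTION count_rows(tbl text) RETURNS bigint AS $$
    rows = plpy.execute("SELECT count(*) AS n FROM %s" % plpy.quote_ident(tbl))
    return rows[0]["n"]
$$ LANGUAGE plpythonu STRICT;

-- The same input through each variant: in count_unquoted the apostrophe
-- terminates the literal inside the query; the other two treat it as data.
SELECT count_quoted('O''Brien');
SELECT count_prepared('O''Brien');
SELECT count_unquoted('O''Brien');
```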
