Re: Protection from SQL injection

From Tom Lane
Subject Re: Protection from SQL injection
Date
Msg-id 25702.1209764606@sss.pgh.pa.us
In reply to Re: Protection from SQL injection  (Andrew Sullivan <ajs@commandprompt.com>)
List pgsql-hackers
Andrew Sullivan <ajs@commandprompt.com> writes:
> Oh, heaven.  I can at least think of ways to use ENUM such that you
> can justify the trade-off.  I can think of no excuse whatever for
> PQexec("COMMIT; BEGIN").  That's just lazy and sloppy.  

> Note also that more recent releases, concurrent with the improvements
> to the drivers, also reduce the impact of this sort of database misuse
> slightly.

Actually, as of 8.3 I think the impact is zero, because of the lazy
XID allocation changes.  It's still sloppy programming though.
        regards, tom lane

