could you elaborate on:
Place holders ( those are in prepared queries, yes?)
out of band?
1/24/2003 9:22:42 AM, Greg Stark <gsstark@mit.edu> wrote:
>
>"Nigel J. Andrews" <nandrews@investsystems.co.uk> writes:
>
>But the best way to deal with this is to use placeholders and prepared queries
>and provide the data out of band. This completely sidesteps the issue and
>guarantees you can't get it wrong by mistake ever. Mixing user-provided data
>with program code is a recipe for security holes.
>
>--
>greg
>
>
>---------------------------(end of broadcast)---------------------------
>TIP 1: subscribe and unsubscribe commands go to majordomo@postgresql.org
>