Re: text column constraint, newbie question
From | Daniel Verite |
---|---|
Subject | Re: text column constraint, newbie question |
Date | |
Msg-id | 546c88aa-fbd1-4d32-98aa-15c8b691c38d@mm |
In reply to | Re: text column constraint, newbie question (RebeccaJ <rebeccaj@gmail.com>) |
Responses |
Re: text column constraint, newbie question
|
List | pgsql-general |
RebeccaJ wrote:

> Thanks, everyone, for your contribution to this thread. I'm
> approaching the database design of my web application differently,
> now. Before, I was planning to have CHECK constraints in all of my
> text or char fields, to keep out all semicolons, single quotes, and
> anything else that looked dangerous. Now I'm thinking that I'll be
> using htmlentities(), pg_escape_string() and pg_query_params() as
> safety filters, and otherwise allowing users to store whatever they
> want to, in the fields where I store/retrieve user input.

Note that htmlentities() expects LATIN1-encoded strings and is thus unusable on UTF-8 contents. So if you end up talking UTF-8 with the database, you'll probably need to use htmlspecialchars() instead, and UTF-8 as your HTML charset.

Best regards,
--
Daniel
PostgreSQL-powered mail user agent and storage: http://www.manitou-mail.org
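The approach discussed in this message, as an added example that is not part of the original e-mail: user text is stored unmodified through pg_query_params() and is HTML-escaped only at output with htmlspecialchars() and an explicit UTF-8 charset. The `comments` table, the helper names and the connection string are assumptions, and the script needs a reachable PostgreSQL server.

```php
<?php
// Added example. The "comments" table and the connection string are assumptions.

// Escape for HTML only at output time, declaring the data as UTF-8.
function h(string $s): string
{
    // ENT_SUBSTITUTE swaps invalid UTF-8 bytes for U+FFFD instead of returning ''.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Store the text as typed. The value is sent separately from the SQL text,
// so quotes and semicolons in it cannot change the statement.
function save_comment($db, string $body): void
{
    $res = pg_query_params($db, 'INSERT INTO comments (body) VALUES ($1)', [$body]);
    if ($res === false) {
        throw new RuntimeException(pg_last_error($db));
    }
}

// Read the rows back and build HTML, escaping each value on the way out.
function render_comments($db): string
{
    $res = pg_query($db, 'SELECT body FROM comments ORDER BY id');
    if ($res === false) {
        throw new RuntimeException(pg_last_error($db));
    }
    $html = '';
    while ($row = pg_fetch_assoc($res)) {
        $html .= '<p>' . h($row['body']) . "</p>\n";
    }
    return $html;
}

$db = pg_connect('dbname=app'); // hypothetical local database
if ($db === false) {
    exit("connection failed\n");
}
pg_set_client_encoding($db, 'UTF8');
pg_query($db, 'CREATE TEMP TABLE comments (id serial PRIMARY KEY, body text NOT NULL)');

// Constructed sample input: single quote, semicolon, markup and a non-ASCII letter.
save_comment($db, "O'Reilly; <b>café</b>");

header('Content-Type: text/html; charset=UTF-8');
echo render_comments($db);
```

With pg_query_params() there is no call to pg_escape_string(): applying both would store the escaping characters as part of the data.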