Re: SQL injection bug for null-terminated strings?

On Sun, 31 Aug 2003, joe user wrote:

> >From looking at some logs, it looks like there might
> be an SQL injection bug with null-terminated strings.
> Is this a known problem?  If it is not, I will try to
> write a test program to trigger it.
>

This has been fixed in the development version of the driver.

See the following, check revision 1.29


http://developer.postgresql.org/cvsweb.cgi/pgsql-server/src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java

Kris Jurka