Re: Escaping strings for inclusion into SQL queries

From Florian Weimer
Subject Re: Escaping strings for inclusion into SQL queries
Msg-id tgg0a9y983.fsf@mercury.rus.uni-stuttgart.de
In reply to Escaping strings for inclusion into SQL queries  (Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>)
Responses Re: Escaping strings for inclusion into SQL queries  (Bruce Momjian <pgman@candle.pha.pa.us>)
List pgsql-hackers
Florian Weimer <Florian.Weimer@rus.uni-stuttgart.de> writes:

> We therefore suggest that a string escaping function is included in a
> future version of PostgreSQL and libpq.  A sample implementation is
> provided below, along with documentation.

We have now released a description of the problems which occur when a
string escaping function is not used:

http://cert.uni-stuttgart.de/advisories/apache_auth.php

What further steps are required to make the suggested patch part of
the official libpq library?

Thanks,
-- 
Florian Weimer                       Florian.Weimer@RUS.Uni-Stuttgart.DE
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

