Re: Protection from SQL injection

From Gregory Stark
Subject Re: Protection from SQL injection
Date
Msg-id 87zlrcf93t.fsf@oxford.xeocode.com
In response to Re: Protection from SQL injection  (Josh Berkus <josh@agliodbs.com>)
Responses Re: Protection from SQL injection  (Josh Berkus <josh@agliodbs.com>)
Re: Protection from SQL injection  (Andrew Sullivan <ajs@commandprompt.com>)
List pgsql-hackers
"Josh Berkus" <josh@agliodbs.com> writes:

>> (I sort of like the
>> suggestion up-thread, myself, which is to have a GUC that disables
>> multi-statement commands.  That'd probably cover a huge number of
>> cases, and combined with some sensible quoting rules in client
>> libraries, would quite possibly be enough.)
>
> MySQL did this already.

Did you guys miss Tom's comment up-thread? Postgres already does this if you
use PQExecParams().

--
  Gregory Stark
  EnterpriseDB          http://www.enterprisedb.com
  Ask me about EnterpriseDB's Slony Replication support!

