Re: Protection from SQL injection
| From | Gregory Stark |
|---|---|
| Subject | Re: Protection from SQL injection |
| Date | |
| Msg-id | 87zlrcf93t.fsf@oxford.xeocode.com |
| In reply to | Re: Protection from SQL injection (Josh Berkus <josh@agliodbs.com>) |
| Responses | Re: Protection from SQL injection<br>Re: Protection from SQL injection |
| List | pgsql-hackers |
"Josh Berkus" <josh@agliodbs.com> writes:

>> (I sort of like the
>> suggestion up-thread, myself, which is to have a GUC that disables
>> multi-statement commands. That'd probably cover a huge number of
>> cases, and combined with some sensible quoting rules in client
>> libraries, would quite possibly be enough.)
>
> MySQL did this already.

Did you guys miss Tom's comment up-thread? Postgres already does this if you
use PQExecParams().

--
Gregory Stark
EnterpriseDB http://www.enterprisedb.com
Ask me about EnterpriseDB's Slony Replication support!