Re: Protection from SQL injection

On Tue, Apr 29, 2008 at 09:02:30PM -0400, Gregory Stark wrote:

> Did you guys miss Tom's comment up-thread? Postgres already does this if you
> use PQExecParams(). 

I did, yes.  Thanks for the clue.  OTOH, I do see the OP's point that
it'd be nice if the DBA could enforce this rule.  Maybe a way of
insisting on PQExecParams() instead of anything else?

A

-- 
Andrew Sullivan
ajs@commandprompt.com
+1 503 667 4564 x104
http://www.commandprompt.com/