Re: text column constraint, newbie question

From Scott Marlowe
Subject Re: text column constraint, newbie question
Date
Msg-id dcc563d10903230007i547d57d1y8057c6f11751af41@mail.gmail.com
In response to Re: text column constraint, newbie question  (Stephen Cook <sclists@gmail.com>)
Responses Re: text column constraint, newbie question  (David Wilson <david.t.wilson@gmail.com>)
Re: text column constraint, newbie question  (Ivan Sergio Borgonovo <mail@webthatworks.it>)
Re: text column constraint, newbie question  (David Fetter <david@fetter.org>)
List pgsql-general
On Mon, Mar 23, 2009 at 12:59 AM, Stephen Cook <sclists@gmail.com> wrote:
> You should use pg_query_params() rather than build a SQL statement in your
> code, to prevent SQL injection attacks. Also, if you are going to read this
> data back out and show it on a web page you probably should make sure there
> is no rogue HTML or JavaScript or anything in there with htmlentities() or
> somesuch.

Are you saying pg_query_params is MORE effective than pg_escape_string
at deflecting SQL injection attacks?
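
The two approaches named in this exchange, side by side, as an added example that is not part of the original message or of either poster's code. It assumes a reachable PostgreSQL database named "test" and a hypothetical table `notes`; the sample input is constructed.

```php
<?php
// Added example, not from the thread. Assumptions: a local database named
// "test" and a hypothetical temp table "notes" with one text column.
$conn = pg_connect('dbname=test');
if ($conn === false) {
    exit("connection failed\n");
}
pg_query($conn, 'CREATE TEMP TABLE notes (id serial PRIMARY KEY, body text NOT NULL)');

// Constructed sample input: contains a single quote and HTML markup.
$body = "It's a note with <script>alert(1)</script> in it";

// Approach 1: escape the value, then splice it into the SQL text.
// pg_escape_string() only escapes; the surrounding single quotes must be
// written by hand, and the value still travels as part of the statement.
$sql = "INSERT INTO notes (body) VALUES ('" . pg_escape_string($conn, $body) . "')";
if (pg_query($conn, $sql) === false) {
    exit(pg_last_error($conn) . "\n");
}

// Approach 2: the statement holds only the placeholder $1; the value is
// passed to the server separately and is never parsed as SQL.
$res = pg_query_params($conn, 'INSERT INTO notes (body) VALUES ($1)', [$body]);
if ($res === false) {
    exit(pg_last_error($conn) . "\n");
}

// Both rows now hold the same text, byte for byte. When showing it on a
// web page, encode at output time so the stored markup is displayed, not run.
$res = pg_query($conn, 'SELECT id, body FROM notes ORDER BY id');
while ($row = pg_fetch_assoc($res)) {
    printf("%d: %s\n", $row['id'], htmlentities($row['body'], ENT_QUOTES, 'UTF-8'));
}
```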
