Re: Escaping strings for inclusion into SQL queries
| От | Florian Weimer |
|---|---|
| Тема | Re: Escaping strings for inclusion into SQL queries |
| Дата | |
| Msg-id | tgg0a9y983.fsf@mercury.rus.uni-stuttgart.de обсуждение исходный текст |
| Ответ на | Escaping strings for inclusion into SQL queries (Florian Weimer <Florian.Weimer@RUS.Uni-Stuttgart.DE>) |
| Ответы |
Re: Escaping strings for inclusion into SQL queries
|
| Список | pgsql-hackers |
Florian Weimer <Florian.Weimer@rus.uni-stuttgart.de> writes: > We therefore suggest that a string escaping function is included in a > future version of PostgreSQL and libpq. A sample implementation is > provided below, along with documentation. We have now released a description of the problems which occur when a string escaping function is not used: http://cert.uni-stuttgart.de/advisories/apache_auth.php What further steps are required to make the suggested patch part of the official libpq library? Thanks, -- Florian Weimer Florian.Weimer@RUS.Uni-Stuttgart.DE University of Stuttgart http://cert.uni-stuttgart.de/ RUS-CERT +49-711-685-5973/fax +49-711-685-5898
В списке pgsql-hackers по дате отправления: