Re: how to preserve \n in select statement

Поиск
Список
Период
Сортировка
От Matt Van Mater
Тема Re: how to preserve \n in select statement
Дата
Msg-id BAY9-F42t0CI76rOJhK00098f93@hotmail.com
обсуждение исходный текст
Ответ на how to preserve \n in select statement  ("Matt Van Mater" <nutter_@hotmail.com>)
Ответы Re: how to preserve \n in select statement  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: how to preserve \n in select statement  (Richard Huxton <dev@archonet.com>)
Список pgsql-sql
>Because you are using an input syntax that requires that quotes and
>backslashes be escaped.  There are other input methods available that
>don't require this, but they have disadvantages of their own.  In
>particular, you have to separate data from SQL command if you want a
>no-escape-processing behavior for data.

right, I was looking for the alternate input methods that you allude to.  I 
have been unable to find an example of exactly how to do this.

> > I think this behavior stems from a security problem psql had a while
> > back where escape characters were being interpreted, and this may be
> > another instance of that functionality.

>Matt, you have no idea what you are talking about.

I readily admit that I didn't read much into it, but I think you are 
mistaken.  If you look at the following links you will see that postgresql 
definitely had a vulnerability that allowed sql injection through the use of 
escape characters.  I was simply saying that this behavior might be a way of 
preventing that from happening again.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0802
http://cert.uni-stuttgart.de/doc/postgresql/escape/

_________________________________________________________________
Get dial-up Internet access now with our best offer: 6 months @$9.95/month!  
http://join.msn.com/?page=dept/dialup



В списке pgsql-sql по дате отправления:

Предыдущее
От: Tom Lane
Дата:
Сообщение: Re: how to preserve \n in select statement
Следующее
От: Tom Lane
Дата:
Сообщение: Re: how to preserve \n in select statement