Re: Avoiding SQL injection in Dynamic Queries (in plpgsql)

From Allan Kamau
Subject Re: Avoiding SQL injection in Dynamic Queries (in plpgsql)
Date
Msg-id ab1ea6541003170206q63679f41g1d2340ea2e1e480d@mail.gmail.com
In reply to Re: Avoiding SQL injection in Dynamic Queries (in plpgsql)  (Craig Ringer <craig@postnewspapers.com.au>)
List pgsql-general
On Wed, Mar 17, 2010 at 11:41 AM, Craig Ringer
<craig@postnewspapers.com.au> wrote:
> Allan Kamau wrote:
>> When writing dynamic commands (those having "EXECUTE 'some SQL
>> query';), is there a way to prevent interpretation of input parameters
>> as pieces of SQL commands?
>
> EXECUTE ... USING
>
> --
> Craig Ringer
>

Thanks Craig, EXECUTE .. USING is what I had overlooked all this time.
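
The difference EXECUTE ... USING makes, as an added example that is not part of the original thread: the first function concatenates its input into the command string, the second binds it as a value. The table, function and parameter names are hypothetical, and quote_ident() is included because USING binds values only, not identifiers.

```sql
-- Constructed sample table (hypothetical names, not from the thread).
CREATE TABLE accounts (id serial PRIMARY KEY, owner text, balance numeric);
INSERT INTO accounts (owner, balance) VALUES ('alice', 100), ('bob', 250);

-- Before: the parameter is spliced into the command text, so any quote
-- character it contains ends the literal and the rest is parsed as SQL.
CREATE FUNCTION count_by_owner_unsafe(p_owner text) RETURNS bigint AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM accounts WHERE owner = ''' || p_owner || ''''
        INTO n;
    RETURN n;
END;
$$ LANGUAGE plpgsql;

-- After: the value travels separately from the command text as $1 and is
-- never parsed as SQL. A table name cannot be passed through USING, so the
-- identifier is quoted with quote_ident() before concatenation.
CREATE FUNCTION count_by_owner(p_table text, p_owner text) RETURNS bigint AS $$
DECLARE
    n bigint;
BEGIN
    EXECUTE 'SELECT count(*) FROM ' || quote_ident(p_table)
         || ' WHERE owner = $1'
        INTO n
        USING p_owner;
    RETURN n;
END;
$$ LANGUAGE plpgsql;

-- Ordinary input: both functions count the same rows.
SELECT count_by_owner_unsafe('alice');
SELECT count_by_owner('accounts', 'alice');

-- Input containing quote characters (constructed test value).
-- Unsafe version: the WHERE clause becomes  owner = '' OR '1'='1'
-- and matches every row.
SELECT count_by_owner_unsafe(''' OR ''1''=''1');
-- USING version: the whole string is compared to owner as one literal
-- value, so it matches no row.
SELECT count_by_owner('accounts', ''' OR ''1''=''1');
```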
