Home > mailing lists

Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

From	Florian Weimer
Subject	Re: Escaping strings for inclusion into SQL queries
Date	August 30, 2001 09:21:44
Msg-id	[email protected] Whole thread Raw
In response to	Escaping strings for inclusion into SQL queries (Florian Weimer <[email protected]>)
Responses	Re: Escaping strings for inclusion into SQL queries
List	pgsql-hackers

Tree view

Florian Weimer <[email protected]> writes:

> We therefore suggest that a string escaping function is included in a
> future version of PostgreSQL and libpq.  A sample implementation is
> provided below, along with documentation.

We have now released a description of the problems which occur when a
string escaping function is not used:

http://cert.uni-stuttgart.de/advisories/apache_auth.php

What further steps are required to make the suggested patch part of
the official libpq library?

Thanks,
-- 
Florian Weimer                       [email protected]
University of Stuttgart           http://cert.uni-stuttgart.de/
RUS-CERT                          +49-711-685-5973/fax +49-711-685-5898

pgsql-hackers by date:

From: Jon Lapham
Date: 30 August 2001, 08:37:39
Subject: Re: Odd rule behavior?

From: Hannu Krosing
Date: 30 August 2001, 10:19:39
Subject: Re: Re: Toast,bytea, Text -blob all confusing

Re: Escaping strings for inclusion into SQL queries - Mailing list pgsql-hackers

Previous

Next