Search Postgresql Archives

Escaping `psql --variable`

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Surprised that this works:

     echo ":foo" | psql --variable foo="SELECT 1 AS FOO;"  template1

Why doesn't `psql` escape parameters passed in through `--variable`. When I use
a library in other languages, they will escape the variable.

How do I use `psql` from `bash` so that it will escape variables and thwart SQL
injection?

--
Alan Gutierrez - @bigeasy

-- 
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux