Search Postgresql Archives

Re: a stored procedure ..with integer as the parameter

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Title: Re: a stored procedure ..with integer as the parameter
My appliaction is in C++
 
and i am getting char* ..s which i need to insert into the table...and for insert i am calling a stored procedure.
 
But i need to form the call to the stored procedure with the above char*s as the argument.

 


From: Richard Huxton [mailto:dev@xxxxxxxxxxxx]
Sent: Wed 10/26/2005 12:40 PM
To: surabhi.ahuja
Cc: Tino Wildenhain; Stephan Szabo; pgsql-general@xxxxxxxxxxxxxx
Subject: Re: a stored procedure ..with integer as the parameter

***********************
Your mail has been scanned by InterScan VirusWall.
***********-***********


surabhi.ahuja wrote:
> what do u suggest i do then in that case?
> i mean how should i make a query - i mean how do i make a command?

You should always provide well-defined escaping to all data coming from
a non-trusted source (i.e. outside your application) and preferably to
all data in any case.

If you are using "C" then libpq offers functions to escape strings.
Almost all other languages offer something similar.

In general, I never use "raw" functions to build my queries, I have
wrapper functions that ensure all queries are well-formed.

What language are you using, and what framework?

--
   Richard Huxton
   Archonet Ltd



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux