
Re: Perspective: PostgreSQL usage boon after release of

Tony Caduto wrote:
> Ken Johanson wrote:
>> Most of the corp folks I know who have tried using PG to augment or replace a commercial offering just tend to silently pause and wait for this change.. that's why this topic isn't really heard very often. It's like going to a car lot to buy an SUV, but they don't have any within sight.. the prospective buyer just moves on without saying anything.
>
> I have converted databases from other DBs such as MS SQL server and never had a problem with string escaping, can you please post an example of what you mean? Do you mean inside of functions?

Well for a simple (for brevity) example, when you compile a query (not via prepared stmts/argument based compilation) that takes user input, how do you handle both backslashes and single-quotes? In practice the way of doing this is quite different between pg and an ISO-compliant db, otherwise you have either code injection, or superfluous backslashes..

"SELECT firstName FROM tbl WHERE lastName = '"+toSql(userInput)+"' "
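
Added example, not part of the original message and not PostgreSQL or driver code: a toy model of the mismatch described above, running two candidate `toSql` escapers against a literal reader in ISO mode and in backslash-escape mode. The function names, the simplified reader and the sample input are assumptions made for illustration.

```python
# Added illustration: toy escapers and a toy literal reader (hypothetical names),
# not PostgreSQL or driver code. Real backslash mode also decodes \n, octal, etc.

def escape_iso(s):
    # ISO SQL: the single quote is the only special character; double it.
    return s.replace("'", "''")

def escape_backslash(s):
    # Server that treats backslash as an escape: double backslashes too.
    return s.replace("\\", "\\\\").replace("'", "''")

def read_literal(sql, start, backslash_escapes):
    """Decode the literal opening at sql[start]; return (value, SQL left over)."""
    out, i = [], start + 1
    while i < len(sql):
        c = sql[i]
        if backslash_escapes and c == "\\" and i + 1 < len(sql):
            out.append(sql[i + 1])        # next character is taken literally
            i += 2
        elif c == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")               # doubled quote decodes to one quote
            i += 2
        elif c == "'":
            return "".join(out), sql[i + 1:].strip()
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated string literal")

def server_sees(user_input, to_sql, backslash_escapes):
    # Builds the query the same way as the concatenation in the message.
    prefix = "SELECT firstName FROM tbl WHERE lastName = "
    sql = prefix + "'" + to_sql(user_input) + "' "
    return read_literal(sql, len(prefix), backslash_escapes)

SAMPLE = "a\\' TAIL"   # constructed input: a, backslash, quote, space, TAIL

if __name__ == "__main__":
    for name, esc in (("iso", escape_iso), ("backslash", escape_backslash)):
        for mode in (False, True):
            value, rest = server_sees(SAMPLE, esc, mode)
            print(f"escaper={name:9} backslash_server={mode!s:5} "
                  f"value={value!r} leftover={rest!r}")
```

A non-empty leftover means part of the input ended up outside the string literal, where the server would parse it as SQL; a value that differs from the input with an empty leftover is the superfluous-backslash case. Bound parameters avoid both outcomes because the input never passes through literal syntax.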
