[Please don't top post as it makes the discussion more difficult to
follow.]
On Aug 20, 2007, at 13:21, Andrew Edson wrote:
> The dollar quoting appears to have fixed it; thank you. I
> apologize for my folly in sending out the original message.

I think this might be giving you a false sense of security. It looks
like I wasn't the only one to think you're probably doing something
unsafe. If you're interested in improving your code to make sure this
can never be a problem, look into bind variables (and prepared
statements). If you're directly interpolating variables into a query
string, you're just asking for trouble, regardless of what quoting
method you're using.
Michael Glaesemann
grzm seespotcode net
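
The point about dollar quoting versus bind variables, as an added example that is not part of the original message: a value pasted between `$$ ... $$` ends the literal at the first `$$` it contains, while a bound parameter is stored verbatim. Assumptions: the `notes` table, the helper names and the sample text are hypothetical, and `sqlite3` stands in for a PostgreSQL connection so the block runs offline (a PostgreSQL driver uses its own placeholder syntax, such as `%s` in psycopg2).

```python
import sqlite3


def interpolate_dollar_quoted(value):
    """The unsafe pattern: paste the value between $$ ... $$ in the query text."""
    return "INSERT INTO notes (body) VALUES ($$" + value + "$$)"


def first_dollar_literal(sql):
    """Split the query the way PostgreSQL's lexer reads a $$ literal:
    it ends at the next $$, no matter whether the query or the value supplied it.
    Returns (literal contents, text left over after the literal)."""
    start = sql.index("$$") + 2
    end = sql.index("$$", start)
    return sql[start:end], sql[end + 2:]


def store_with_bind_variable(value):
    """The safe pattern: the value travels separately from the query text."""
    conn = sqlite3.connect(":memory:")  # assumption: stand-in for PostgreSQL
    conn.execute("CREATE TABLE notes (body TEXT)")  # hypothetical table
    conn.execute("INSERT INTO notes (body) VALUES (?)", (value,))
    (stored,) = conn.execute("SELECT body FROM notes").fetchone()
    conn.close()
    return stored


# Constructed sample input: ordinary text that happens to contain "$$".
SAMPLE = "Save $$ today: it's 50% off"

if __name__ == "__main__":
    literal, rest = first_dollar_literal(interpolate_dollar_quoted(SAMPLE))
    print("literal the server sees: ", repr(literal))
    print("left over, parsed as SQL:", repr(rest))
    print("stored via bind variable:", repr(store_with_bind_variable(SAMPLE)))
```
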