On Sat, Mar 21, 2009 at 11:13 PM, RebeccaJ <rebeccaj@xxxxxxxxx> wrote: > Hi, > > I'm new to both PostgreSQL and web-based application development; I > read the FAQ at postgresql.org (perhaps this discussion group has > another FAQ that I haven't found yet?) and didn't see this addressed. > > I'm creating a table with a column of type text, to be used in a php > web application, where I'll be accepting user input for that text > field. Are there characters, maybe non-printing characters, or perhaps > even whole phrases, that could cause problems in my database or > application if I were to allow users to enter them into that column? > > If so, does anyone happen to have a regular expression handy that you > think is a good choice for text columns' CHECK constraint? Or maybe a > link to a discussion of this topic? Nope, there's nothing you can put into a text to break pgsql. However, if you are using regular old queries, you'd be advised to use pg_escape_string() function in php to prevent SQL injection attacks. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
