> >> It's a classic story. I'm volunteering about one day per month for
> >> this project, learning SQL as I go. Priority was always given to the
> >> "get it working" tasks and never the "make it safe" tasks. I had/have
> >> grandiose plans to rewrite the whole system properly after I graduate.
> >> Unfortunately, the inevitable corruption didn't wait that long.
> >
> > As you're learning, it sounds like parametrized queries might have saved you
> > from the SQL injection that caused this.
>
> Very true, and always a good idea. However, OP's true failure here is
> on the backup front. Without recent, reliable backups, on another
> machine / media / datacenter etc. is the only way your data can be
> truly safe.

[Spotts, Christopher]
Oh absolutely. Regardless of anything you do on the functional aspect, you'd still need backups. I was just saying that if you're eventually going to redesign (like mentioned), a nudge towards parameterized queries doesn't hurt.

--
Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-general