Eliminating the problem
Posted Jun 9, 2006 9:03 UTC (Fri) by aquasync
In reply to: Eliminating the problem
Parent article: SQL injection vulnerabilities in PostgreSQL
Exactly, this seems a lot safer to me.
Perl's quotemeta function works in this way (``all characters not matching "/[A-Za-z_0-9]/" will be preceded by a backslash...''), and provided SQL's string escapes work in a similar way, there should be no problems.
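The proviso in the comment above ("provided SQL's string escapes work in a similar way") can be checked mechanically. The following is an added example, not part of the original post: quotemeta() re-implements the quoted Perl rule in Python, and read_literal() is a hypothetical, simplified model of a SQL string-literal lexer (not any real server's code) that can treat backslash either as an escape character or as an ordinary character.

```python
import re

def quotemeta(s):
    """Mimic the quoted Perl rule: backslash every char outside [A-Za-z_0-9]."""
    return re.sub(r"[^A-Za-z_0-9]", lambda m: "\\" + m.group(0), s)

def read_literal(sql, backslash_escapes):
    """Simplified model (assumption) of a lexer reading one '...' literal.
    Returns (decoded value, text left over after the closing quote)."""
    if not sql.startswith("'"):
        raise ValueError("literal must start with a single quote")
    out, i = [], 1
    while i < len(sql):
        c = sql[i]
        if c == "\\" and backslash_escapes and i + 1 < len(sql):
            # quotemeta never puts a backslash before a letter or digit,
            # so sequences like \n or \101 cannot occur in its output.
            out.append(sql[i + 1])
            i += 2
        elif c == "'" and sql[i + 1:i + 2] == "'":
            out.append("'")                  # doubled quote = escaped quote
            i += 2
        elif c == "'":
            return "".join(out), sql[i + 1:]  # closing quote ends the literal
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated literal")

def round_trips(value, backslash_escapes):
    """True if the escaped value decodes to itself with nothing left over."""
    literal = "'" + quotemeta(value) + "'"
    decoded, rest = read_literal(literal, backslash_escapes)
    return decoded == value and rest == ""

# Constructed sample inputs.
SAMPLES = ["O'Reilly", "back\\slash", "x' OR '1'='1", "tab\tnewline\n"]

if __name__ == "__main__":
    print("value | backslash is escape | backslash is literal")
    for s in SAMPLES:
        print(repr(s), "|", round_trips(s, True), "|", round_trips(s, False))
```

Every sample survives when the lexer treats backslash as an escape character; none does when backslash is an ordinary character, because the quote after the backslash then closes the literal early.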