Eliminating the problem

Posted Jun 9, 2006 9:03 UTC (Fri) by aquasync (subscriber, #26654)
In reply to: Eliminating the problem by ncm
Parent article: SQL injection vulnerabilities in PostgreSQL

Exactly, this seems a lot safer to me.
Perl's quotemeta function works in this way (“all characters not matching "/[A-Za-z_0-9]/" will be preceded by a backslash...”), and provided SQL's string escapes work in a similar way, there should be no problems.
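
The proviso in the comment above ("provided SQL's string escapes work in a similar way") can be checked against a real engine. The following is an added example, not part of the original comment: it reimplements the quoted quotemeta rule in Python and, as an assumption, uses an in-memory SQLite database as a stand-in engine (the thread itself is about PostgreSQL), with a constructed table and constructed names.

```python
import re
import sqlite3

# Constructed sample data; the table and names are illustrative only.
SAMPLE_NAMES = ["bob", "O'Reilly", "Ann Lee"]


def quotemeta(s):
    """Backslash every character outside [A-Za-z_0-9] (the rule quoted in the comment)."""
    return re.sub(r"[^A-Za-z_0-9]", lambda m: "\\" + m.group(0), s)


def make_db():
    """In-memory SQLite database; SQLite string literals have no backslash escape."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [(n,) for n in SAMPLE_NAMES])
    return conn


def lookup_escaped(conn, name):
    """Splice the whitelist-escaped value into the SQL text.

    Returns the match count, or None if the engine rejects the statement.
    """
    sql = "SELECT count(*) FROM users WHERE name = '" + quotemeta(name) + "'"
    try:
        return conn.execute(sql).fetchone()[0]
    except sqlite3.Error:
        return None


def lookup_bound(conn, name):
    """Pass the value as a bound parameter; no escaping rule is involved."""
    row = conn.execute("SELECT count(*) FROM users WHERE name = ?", (name,)).fetchone()
    return row[0]


if __name__ == "__main__":
    conn = make_db()
    for n in SAMPLE_NAMES:
        print(repr(n), repr(quotemeta(n)), lookup_escaped(conn, n), lookup_bound(conn, n))
```

In SQLite a backslash inside a string literal is an ordinary character, so the escaped `O'Reilly` fails to parse and the escaped `Ann Lee` matches nothing, while the bound-parameter lookups find both rows.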


Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds