
Re: [UDD] Changing aux.py to fix quoting



On Sat, Feb 4, 2012 at 4:46 PM, Andreas Tille wrote:

> since I switched to PostgreSQL 9.1 I realised that quoting "'"
> characters does not work any more by escaping it using "\" signs.
> I wonder, how at all aux.py could work for others.  Because I have
> the feeling that I missed something I'm just asking for comments
> for the following patch to not break any UDD application.
>
> So what do you think about this which is needed *at my machine running
> testing*:

Sounds like you want to be using prepared statements, otherwise you
risk SQL injections.

-- 
bye,
pabs

http://wiki.debian.org/PaulWise
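An added example, not code from the thread or from UDD's aux.py, showing why backslash-escaping a quote stops working once string literals are standard-conforming (the PostgreSQL 9.1 default) and what pabs's suggestion looks like in Python. It uses the stdlib sqlite3 module as an offline stand-in, since SQLite also treats a backslash inside a string literal as an ordinary character; the table and column names are constructed.

```python
import sqlite3

# Constructed sample values containing the characters the escaping tripped over.
SAMPLES = ["O'Reilly", "it's a \\ backslash"]


def backslash_escaped_sql(value):
    # The broken approach: escape ' with \ and splice the value into the SQL text.
    # Under standard-conforming strings the backslash does not protect the quote,
    # so the quote still terminates the literal and the rest becomes stray tokens.
    return "INSERT INTO pkg (descr) VALUES ('%s')" % value.replace("'", "\\'")


def _fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE pkg (descr TEXT)")
    return conn


def insert_escaped(value):
    """Run the escaped statement; return the stored value or the error text."""
    conn = _fresh_db()
    try:
        conn.execute(backslash_escaped_sql(value))
        return conn.execute("SELECT descr FROM pkg").fetchone()[0]
    except sqlite3.OperationalError as exc:
        return "ERROR: " + str(exc)
    finally:
        conn.close()


def insert_parameterised(value):
    """Bind the value as a parameter; the driver sends it separately from the
    statement text, so no character in it can change the statement's structure."""
    conn = _fresh_db()
    try:
        conn.execute("INSERT INTO pkg (descr) VALUES (?)", (value,))
        return conn.execute("SELECT descr FROM pkg").fetchone()[0]
    finally:
        conn.close()


if __name__ == "__main__":
    for sample in SAMPLES:
        print("escaped:      ", insert_escaped(sample))
        print("parameterised:", insert_parameterised(sample))
```

With psycopg2 the same idea is written with `%s` placeholders and a parameter tuple, e.g. `cur.execute("INSERT INTO pkg (descr) VALUES (%s)", (value,))`, and no manual quoting at all.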

