Re: [UDD] Changing aux.py to fix quoting
On Sat, Feb 4, 2012 at 4:46 PM, Andreas Tille wrote:
> since I switched to PostgreSQL 9.1 I realised that quoting "'"
> characters does not work any more by escaping it using "\" signs.
> I wonder, how at all aux.py could work for others. Because I have
> the feeling that I missed something I'm just asking for comments
> for the following patch to not break any UDD application.
>
> So what do you think about this which is needed *at my machine running
> testing*:
Sounds like you want to be using prepared statements, otherwise you
risk SQL injections.
--
bye,
pabs
http://wiki.debian.org/PaulWise
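
Added example, not part of the original messages and not UDD code: why backslash-escaping a "'" stops protecting a query once the server reads string literals the standard way (the default in PostgreSQL 9.1, standard_conforming_strings = on), and how bound parameters avoid the problem. It assumes sqlite3 as an offline stand-in, since it also treats "\" as an ordinary character inside string literals; the table, the rows and the function names are hypothetical.

```python
import sqlite3

def backslash_quote(value):
    # The old habit: put a backslash in front of every quote.
    return value.replace("\\", "\\\\").replace("'", "\\'")

def setup():
    # Constructed sample data in an in-memory database.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE packages (name TEXT, maintainer TEXT)")
    conn.executemany("INSERT INTO packages VALUES (?, ?)",
                     [("foo", "Patrick O'Brien"), ("bar", "Jane Doe")])
    return conn

def lookup_escaped(conn, maintainer):
    # Query text built by string formatting: with standard-conforming
    # literals the "\" is plain data, so the "'" after it ends the literal.
    sql = ("SELECT name FROM packages WHERE maintainer = '%s'"
           % backslash_quote(maintainer))
    return [row[0] for row in conn.execute(sql)]

def lookup_bound(conn, maintainer):
    # The value travels separately from the SQL text, so no quoting is needed.
    # psycopg2 takes the same shape with %s placeholders:
    #   cur.execute("... WHERE maintainer = %s", (maintainer,))
    cur = conn.execute("SELECT name FROM packages WHERE maintainer = ?",
                       (maintainer,))
    return [row[0] for row in cur]

def demo():
    conn = setup()
    results = {}
    samples = (("apostrophe", "Patrick O'Brien"),  # ordinary name
               ("crafted", "x' OR 1=1 --"))        # input that rewrites the WHERE
    for label, value in samples:
        try:
            escaped = sorted(lookup_escaped(conn, value))
        except sqlite3.OperationalError:
            escaped = "syntax error"
        results[label] = (escaped, lookup_bound(conn, value))
    return results

if __name__ == "__main__":
    for label, (escaped, bound) in demo().items():
        print(label, "| escaped:", escaped, "| bound:", bound)
```

The escaped variant fails on an ordinary apostrophe and returns every row for the crafted value, while the bound variant returns the one matching row and no rows respectively.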