
Re: [UDD] Changing aux.py to fix quoting



On Sat, Feb 04, 2012 at 05:05:27PM +0800, Paul Wise wrote:
> On Sat, Feb 4, 2012 at 4:46 PM, Andreas Tille wrote:
> 
> > since I switched to PostgreSQL 9.1 I realised that quoting "'"
> > characters does not work any more by escaping it using "\" signs.
> > I wonder, how at all aux.py could work for others.  Because I have
> > the feeling that I missed something I'm just asking for comments
> > for the following patch to not break any UDD application.
> >
> > So what do you think about this which is needed *on my machine running
> > testing*:
> 
> Sounds like you want to be using prepared statements, otherwise you
> risk SQL injections.

The quotation is actually used to feed strings into prepared statements.

Thanks for the hint anyway

        Andreas.

-- 
http://fam-tille.de
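Added example (Python; not code from this thread and not UDD's aux.py): a small model of how the PostgreSQL lexer reads a single-quoted literal with standard_conforming_strings on, which became the default in 9.1, versus off, applied to the backslash quoting style Andreas describes and to the doubled-quote style PostgreSQL's quote_literal() uses. The function names, the readback helper and the injection-style payload are constructed for the illustration; only the simple backslash escapes are modelled.

```python
# Added example: how PostgreSQL lexes a single-quoted string literal
# depending on standard_conforming_strings (default "on" since 9.1).
# Not code from the thread or from UDD's aux.py; names are illustrative.

SIMPLE_ESCAPES = {"n": "\n", "t": "\t", "r": "\r", "b": "\b", "f": "\f"}


def lex_string_literal(sql, standard_conforming_strings=True):
    r"""Consume one string literal at the start of `sql`.

    Returns (value, rest): the decoded value and whatever follows the closing
    quote, which the server would go on to parse as SQL.  Models the rules for
      - plain '...' literals: '' yields one quote; a backslash is an ordinary
        character when standard_conforming_strings is on and an escape when
        it is off;
      - E'...' literals: backslash escapes are always honoured.
    Only the simple escapes (\', \\, \n, ...) are modelled, not octal, hex or
    unicode escapes.  Raises ValueError on an unterminated literal.
    """
    if sql[:2].upper() == "E'":
        body, backslash_escapes = sql[2:], True
    elif sql.startswith("'"):
        body, backslash_escapes = sql[1:], not standard_conforming_strings
    else:
        raise ValueError("not a string literal")

    out = []
    i = 0
    while i < len(body):
        ch = body[i]
        if ch == "'":
            if body[i + 1:i + 2] == "'":          # doubled quote inside the literal
                out.append("'")
                i += 2
                continue
            return "".join(out), body[i + 1:]     # closing quote
        if ch == "\\" and backslash_escapes and i + 1 < len(body):
            nxt = body[i + 1]
            out.append(SIMPLE_ESCAPES.get(nxt, nxt))  # \' -> ', \\ -> \, \n -> newline
            i += 2
            continue
        out.append(ch)
        i += 1
    raise ValueError("unterminated string literal")


def quote_literal_backslash(value):
    r"""The pre-9.1 habit the thread is about: escape ' and \ with a backslash
    inside a plain '...' literal.  Only reads back correctly when
    standard_conforming_strings is off."""
    return "'" + value.replace("\\", "\\\\").replace("'", "\\'") + "'"


def quote_literal(value):
    """Quote the way PostgreSQL's quote_literal() does: double every single
    quote, and if the value contains a backslash double those too and use the
    E'...' form.  Reads back correctly whichever way the server is configured."""
    body = value.replace("'", "''")
    if "\\" in value:
        return "E'" + body.replace("\\", "\\\\") + "'"
    return "'" + body + "'"


def readback(value, quoter, standard_conforming_strings):
    """Quote `value`, lex it as the server would, and report (ok, got, rest).
    `rest` is text that escaped the literal and would be parsed as SQL."""
    got, rest = lex_string_literal(quoter(value), standard_conforming_strings)
    return got == value and rest == "", got, rest


if __name__ == "__main__":
    # Constructed inputs: a harmless apostrophe and an injection-style payload.
    for value in ("it's", "\\' OR 1=1 --"):
        for quoter in (quote_literal_backslash, quote_literal):
            for scs in (False, True):
                ok, got, rest = readback(value, quoter, scs)
                print(f"{quoter.__name__:24} scs={scs!s:5} {quoter(value)!r:28} -> "
                      f"{'OK ' if ok else 'BAD'} value={got!r} rest={rest!r}")
```

With standard_conforming_strings on, `'it\'s'` is read as the value `it\` followed by the stray SQL text `s'`, which is the breakage reported above; with the constructed payload, everything after the backslash leaves the literal and is parsed as SQL, which is the injection risk Paul points to. Doubling the quote (and using `E'...'` when a backslash is present) reads back correctly in both modes, but the cleanest route is to hand the value to the driver as a bound parameter, for example psycopg2's `cur.execute("... WHERE name = %s", (value,))`, so that no application code quotes at all.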

