On 1/11/2017 12:49 AM, Guyren Howe wrote:
would prevent an SQL injection from wreaking havoc.

sql injection is quite easy to avoid. always make parameterized queries, never use client supplied data to assemble a query with string concatenation.

voila, no injection possible.

--
john r pierce, recycling bits in santa cruz
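
The advice above, as an added example that is not part of the original message: the same lookup written with string concatenation and with a bound parameter. It assumes Python's built-in sqlite3 as a stand-in for PostgreSQL so it runs offline (with psycopg the placeholder is `%s` instead of `?`); the table, function names and sample values are constructed, and the allowlist for column names goes one step beyond the message, since identifiers cannot be bound as parameters.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts (owner TEXT, balance INTEGER)")
    db.executemany("INSERT INTO accounts VALUES (?, ?)",
                   [("alice", 100), ("bob", 250), ("o'brien", 40)])
    return db

def lookup_concatenated(db, owner):
    # Anti-pattern: client-supplied data becomes part of the SQL text,
    # so a quote in the value changes the structure of the statement.
    sql = "SELECT owner, balance FROM accounts WHERE owner = '" + owner + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, owner):
    # The SQL text is a constant; the value travels separately and is
    # only ever treated as data, whatever characters it contains.
    sql = "SELECT owner, balance FROM accounts WHERE owner = ?"
    return db.execute(sql, (owner,)).fetchall()

ALLOWED_SORT = {"owner", "balance"}  # hypothetical allowlist for this table

def lookup_sorted(db, column):
    # Column names cannot be bound, so accept only known identifiers.
    if column not in ALLOWED_SORT:
        raise ValueError("unsupported sort column")
    sql = "SELECT owner, balance FROM accounts ORDER BY " + column
    return db.execute(sql).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "nobody' OR '1'='1"  # constructed input containing a quote
    print("concatenated :", lookup_concatenated(db, hostile))   # every row
    print("parameterized:", lookup_parameterized(db, hostile))  # no rows
    print("legit quote  :", lookup_parameterized(db, "o'brien"))
```
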



--
Sent via pgsql-general mailing list (pgsql-general@postgresql.org)