Alvar Freude <[EMAIL PROTECTED]> writes: >> What about checking the input for backslash, quote, >> and double quote (\'")? If you are not taking care of those in input >> then crashing the backend is going to be the least of your worries. > > with Perl and *using placeholders and bind values*, the application > developer has not to worry about this. So, usually I don't check the > values in my applications (e.g. if only values between 1 and 5 are > allowed and under normal circumstances only these are possible), it's the > task of the database (check constraint).
That's the idea. It's the job of the database to guarantee data integrety. Obviously, the PostgreSQL developers disagree. If I've got to do all checking in the application anyway, I can almost use MySQL instead. ;-) -- Florian Weimer [EMAIL PROTECTED] University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ RUS-CERT fax +49-711-685-5898 ---------------------------(end of broadcast)--------------------------- TIP 2: you can get off all lists at once with the unregister command (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED])
