Hi Florian, You guys *definitely* write scarey code.
:-( Regards and best wishes, Justin Clift Florian Weimer wrote: > > Alvar Freude <[EMAIL PROTECTED]> writes: > > >> What about checking the input for backslash, quote, > >> and double quote (\'")? If you are not taking care of those in input > >> then crashing the backend is going to be the least of your worries. > > > > with Perl and *using placeholders and bind values*, the application > > developer has not to worry about this. So, usually I don't check the > > values in my applications (e.g. if only values between 1 and 5 are > > allowed and under normal circumstances only these are possible), it's the > > task of the database (check constraint). > > That's the idea. It's the job of the database to guarantee data > integrety. > > Obviously, the PostgreSQL developers disagree. If I've got to do all > checking in the application anyway, I can almost use MySQL > instead. ;-) > > -- > Florian Weimer [EMAIL PROTECTED] > University of Stuttgart http://CERT.Uni-Stuttgart.DE/people/fw/ > RUS-CERT fax +49-711-685-5898 > > ---------------------------(end of broadcast)--------------------------- > TIP 2: you can get off all lists at once with the unregister command > (send "unregister YourEmailAddressHere" to [EMAIL PROTECTED]) -- "My grandfather once told me that there are two kinds of people: those who work and those who take the credit. He told me to try to be in the first group; there was less competition there." - Indira Gandhi ---------------------------(end of broadcast)--------------------------- TIP 3: if posting/reading through Usenet, please send an appropriate subscribe-nomail command to [EMAIL PROTECTED] so that your message can get through to the mailing list cleanly
