Josh Berkus wrote: > As such, it would be nice to see DBMail gradual migrate away from the > use of \\ escapes.
DBMail-2.2 doesn't use \\ escaping, and hasn't done so for quite some time. All strings are escaped using PQescapeString and PQescapeBytea which I assume will produce safe queries. So in my understanding the postgres warning is a false positive. But - Josh - please correct me if I'm wrong. Anyway, in 2.3+ no more escaping is used at all. All insertions are done using parameter binding - that is, except for some numerical type insertions where the values come from a trusted source (internal). -- ________________________________________________________________ Paul Stevens paul at nfg.nl NET FACILITIES GROUP GPG/PGP: 1024D/11F8CD31 The Netherlands________________________________http://www.nfg.nl _______________________________________________ DBmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail
