Paul,
DBMail-2.2 doesn't use \\ escaping, and hasn't done so for quite some time. All strings are escaped using PQescapeString and PQescapeBytea which I assume will produce safe queries. So in my understanding the postgres warning is a false positive. But - Josh - please correct me if I'm wrong.
Could be. Windows filenames tend to produce false positives, if nothing else. Also, it's possible that the user is using 8.3 as the database, but DBI is still bound to an older version of libpq. Worth checking.
Anyway, in 2.3+ no more escaping is used at all. All insertions are done using parameter binding - that is, except for some numerical type insertions where the values come from a trusted source (internal).
Glad to hear it. You're way ahead of the curve. --Josh _______________________________________________ DBmail mailing list [email protected] https://mailman.fastxs.nl/mailman/listinfo/dbmail
