Am 03.03.2012 21:18, schrieb Michael Bell: > 1. Every string in the database is a string without escape characters. > "...\,..." is a backslash and comma.
Just a question: how about a string which contains % or _? Do we protect SQL's like against such injections? > 3.3. What is with the other databases? Is it really so easy? Oracle has no default escape character but supports the same syntax like PostgreSQL to set an escape character. http://docs.oracle.com/cd/B10501_01/server.920/a96540/conditions10a.htm#1041580 So the driver for Oracle can be ignored :) Best regards Michael -- ___________________________________________________________________ Michael Bell Humboldt-Universitaet zu Berlin Tel.: +49 (0)30-2093 70143 ZE Computer- und Medienservice Fax: +49 (0)30-2093 70135 Unter den Linden 6 [email protected] D-10099 Berlin ___________________________________________________________________ PGP Fingerprint: 09E4 3D29 4156 2774 0F2C C643 D8BD 1918 2030 5AAB
smime.p7s
Description: S/MIME Kryptografische Unterschrift
------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/
_______________________________________________ OpenXPKI-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-devel
