"Thomas Mueller" <[EMAIL PROTECTED]> writes:
> SET ALLOW_LITERALS NONE;

I think you missed April Fool's Day...

This is just silly, as it makes life impossibly painful for users
(constants are hardly a useless part of SQL) and it doesn't really
plug any holes.  As an example:

        select * from tab where intcol = intcol; delete from tab;

contains no literals and yet the delete is very probably injected.

                        regards, tom lane

-- 
Sent via pgsql-sql mailing list (pgsql-sql@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-sql
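
The point made in the message above, as a runnable sketch that is added here and is not part of the original mail: a literal-free statement passes a "no literals" check yet still carries the injected delete, while binding the input as a parameter keeps it a value. It assumes SQLite through Python's `sqlite3`; `has_literals` is a hypothetical, rough stand-in for such a check, and the table rows and the hostile input are constructed.

```python
import re
import sqlite3

# Hypothetical stand-in for a "no literals" rule: flags quoted strings and numbers.
LITERAL = re.compile(r"'[^']*'|\b\d+(\.\d+)?\b")

def has_literals(sql):
    return bool(LITERAL.search(sql))

def fresh_db():
    # Constructed sample data; table and column names follow the message.
    db = sqlite3.connect(":memory:")
    db.execute("create table tab (intcol integer)")
    db.executemany("insert into tab values (?)", [(1,), (2,), (3,)])
    return db

def row_count(db):
    return db.execute("select count(*) from tab").fetchone()[0]

# Constructed hostile input: the tail of the statement quoted in the message.
HOSTILE = "intcol; delete from tab"

def concatenated(user_input):
    """Vulnerable pattern: SQL built by concatenation, run as a script."""
    db = fresh_db()
    sql = "select * from tab where intcol = " + user_input
    flagged = has_literals(sql)
    db.executescript(sql)  # executes every statement found in the string
    return flagged, row_count(db)

def bound(user_input):
    """Hardened pattern: the same input travels as a bound parameter."""
    db = fresh_db()
    sql = "select * from tab where intcol = ?"
    rows = db.execute(sql, (user_input,)).fetchall()
    return has_literals(sql), rows, row_count(db)

if __name__ == "__main__":
    print(concatenated(HOSTILE))  # literal check passes, table emptied
    print(bound(HOSTILE))         # no literals either, table intact
```

Neither query contains a literal, so the check cannot tell them apart; only the bound form leaves the table untouched.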
