"Merlin Moncure" <[EMAIL PROTECTED]> writes:
> On 9 May 2006 17:04:31 -0700, Karen Hill <[EMAIL PROTECTED]> wrote:
>> Is my understanding correct that the following is vulnerable to SQL
>> injection in psql:
> ...
> no, IMO this is the safest and best option.
Neither of the options that Karen show
On 9 May 2006 17:04:31 -0700, Karen Hill <[EMAIL PROTECTED]> wrote:
Is my understanding correct that the following is vulnerable to SQL
injection in psql:
    CREATE OR REPLACE FUNCTION fx ( my_var bchar)
    RETURNS void AS
    $$
    BEGIN
        INSERT INTO fx VALUES ( my_var ) ;
    END;
    $$
    LANGUAGE 'plpgsql' VOLATILE
Where this is NOT subject to SQL injection:
CREATE OR REPLACE FUNCT