Re: [GENERAL] Secure where in(a,b,c) clause.

2008-04-04 Thread William Temperley
Thanks for the replies, Rodrigo E. De León Plicet [EMAIL PROTECTED] wrote: Use a prepared query and ANY, e.g.: select st_collect(the_geom) from tiles where tilename = any('{foo,bar,baz}'); Thanks, that's what I was looking for! $sql = select uid, accredited as acc, x(the_geom), y(the_geom) from

Re: [GENERAL] Secure where in(a,b,c) clause.

2008-04-04 Thread Tino Wildenhain
Steve Atkins wrote: ... I count the number of values that I want to put in the IN () clause, then create a query string with the right number of bind variables in the in clause, then bind the values. So for {1, 3, 5} I'd use select * from foo where bar in (?, ?, ?) and for {1,5,7,9,11} I'd use
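As an added, runnable illustration of the two approaches given in this thread (this is not code from any of the posters): the first function builds the `IN (?, ?, ?)` form with one bind variable per value, as Steve Atkins describes; the second builds the constant-text `= ANY(%s)` form that Rodrigo suggests, written for psycopg2's placeholder style (the assumption that psycopg2 adapts a Python list to a PostgreSQL array is noted in the code; that query is built but not executed here). The `IN` form is run against an in-memory SQLite stand-in for the `tiles` table, with a constructed sample row set and a constructed injection payload, next to the string-concatenation version the original question was trying to get rid of.

```python
import sqlite3
from typing import List, Sequence, Tuple

# Constructed sample data standing in for the thread's "tiles" table.
# PostGIS geometry is replaced by plain x/y columns so the example runs anywhere.
TILES = [
    ("foo", 1, 1),
    ("bar", 2, 1),
    ("baz", 3, 1),
    ("qux", 4, 1),
]


def _connect() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tiles (tilename TEXT PRIMARY KEY, x INTEGER, y INTEGER)")
    conn.executemany("INSERT INTO tiles VALUES (?, ?, ?)", TILES)
    return conn


def in_clause_query(values: Sequence[str]) -> Tuple[str, Tuple[str, ...]]:
    """Bind-variable-per-value form: the SQL text only ever contains '?' markers,
    so the list length shapes the query but the values themselves never do."""
    if not values:
        # 'IN ()' is a syntax error; an empty list should simply match nothing.
        return "SELECT tilename, x, y FROM tiles WHERE 0", ()
    placeholders = ", ".join("?" for _ in values)
    sql = f"SELECT tilename, x, y FROM tiles WHERE tilename IN ({placeholders}) ORDER BY tilename"
    return sql, tuple(values)


def any_array_query(values: Sequence[str]) -> Tuple[str, Tuple[List[str]]]:
    """ANY(array) form for PostgreSQL: the SQL text is constant whatever the list
    length, so it can be prepared once. Assumption: the driver (psycopg2 style
    '%s' placeholder) adapts a Python list to a PostgreSQL ARRAY. Not executed here."""
    return "SELECT st_collect(the_geom) FROM tiles WHERE tilename = ANY(%s)", (list(values),)


def select_tiles(names: Sequence[str]) -> List[Tuple[str, int, int]]:
    """Hardened lookup: values travel as parameters, never as SQL text."""
    conn = _connect()
    try:
        sql, params = in_clause_query(names)
        return conn.execute(sql, params).fetchall()
    finally:
        conn.close()


def select_tiles_unsafe(names: Sequence[str]) -> List[Tuple[str, int, int]]:
    """The concatenation the original question used, kept only to show why it
    fails: a quote in any name rewrites the WHERE clause."""
    conn = _connect()
    try:
        joined = ", ".join("'" + n + "'" for n in names)  # no escaping: deliberately vulnerable
        sql = f"SELECT tilename, x, y FROM tiles WHERE tilename IN ({joined}) ORDER BY tilename"
        return conn.execute(sql).fetchall()
    finally:
        conn.close()


# Constructed payload: closes the IN list, adds OR 1=1, comments out the remainder.
PAYLOAD = "x') OR 1=1 --"

if __name__ == "__main__":
    print("safe  :", select_tiles(["foo", PAYLOAD]))        # only 'foo' matches
    print("unsafe:", select_tiles_unsafe(["foo", PAYLOAD]))  # every row comes back
    print(any_array_query(["foo", "bar", "baz"]))
```

The empty-list branch is the one edge case worth remembering with the placeholder approach: `IN ()` is a syntax error in PostgreSQL as well, whereas `= ANY('{}')` is valid and simply matches nothing.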

[GENERAL] Secure where in(a,b,c) clause.

2008-04-03 Thread William Temperley
Hi All I hope this isn't a FAQ, but does anyone have any suggestions as to how to make a query that selects using: where in(comma delimited list) secure from an sql injection point of view? I have a grid of tiles I'm using to reference geographical points. These tiles are identical to the tiling

Re: [GENERAL] Secure where in(a,b,c) clause.

2008-04-03 Thread Adam Rich
I hope this isn't a FAQ, but does anyone have any suggestions as to how to make a query that selects using: where in(comma delimited list) secure from an sql injection point of view? As the length of the comma delimited list is highly variable I don't think I can use a prepared query

Re: [GENERAL] Secure where in(a,b,c) clause.

2008-04-03 Thread Rodrigo E. De León Plicet
On Thu, Apr 3, 2008 at 11:50 AM, William Temperley [EMAIL PROTECTED] wrote: This works very well, however I'm currently directly concatenating a sql query: select st_collect(the_geom) from tiles where tilename in (comma delimited list)) Which leaves my application vulnerable to sql

Re: [GENERAL] Secure where in(a,b,c) clause.

2008-04-03 Thread Richard Broersma
On Thu, Apr 3, 2008 at 9:50 AM, William Temperley [EMAIL PROTECTED] wrote: Hi All I hope this isn't a FAQ, but does anyone have any suggestions as to how to make a query that selects using: where in(comma delimited list) secure from an sql injection point of view? I have an idea, but I

Re: [GENERAL] Secure where in(a,b,c) clause.

2008-04-03 Thread Steve Atkins
On Apr 3, 2008, at 9:50 AM, William Temperley wrote: Hi All I hope this isn't a FAQ, but does anyone have any suggestions as to how to make a query that selects using: where in(comma delimited list) secure from an sql injection point of view? I have a grid of tiles I'm using to reference

Re: [GENERAL] Secure where in(a,b,c) clause.

2008-04-03 Thread brian
William Temperley wrote: Hi All I hope this isn't a FAQ, but does anyone have any suggestions as to how to make a query that selects using: where in(comma delimited list) secure from an sql injection point of view? I have a grid of tiles I'm using to reference geographical points. These tiles