ase...
regards
Iain
- Original Message -
From: "Richard Huxton" <[EMAIL PROTECTED]>
To: "Denis" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, December 22, 2003 7:48 PM
Subject: Re: [SQL] how to preserve \n in select statement
> On Monday 22
On Monday 22 December 2003 09:37, Denis wrote:
> Hi Richard..
>
> If your users are required to fire only SELECT and no DML, you can do the
> following:
>
> BEGIN;
> execute the statements given by user
> ROLLBACK;
>
> This will not affect your SELECT and also if any malicious user gives
> DELETE s
- Original Message -
From: "Richard Huxton" <[EMAIL PROTECTED]>
To: "Matt Van Mater" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, December 22, 2003 2:34 PM
Subject: Re: [SQL] how to preserve \n in select stat
On Saturday 20 December 2003 17:58, Matt Van Mater wrote:
>
> I readily admit that I didn't read much into it, but I think you are
> mistaken. If you look at the following links you will see that postgresql
> definitely had a vulnerability that allowed sql injection through the use
> of escape cha
"Matt Van Mater" <[EMAIL PROTECTED]> writes:
>> In particular, you have to separate data from SQL command if you want a
>> no-escape-processing behavior for data.
> right, I was looking for the alternate input methods that you allude to. I
> have been unable to find an example of exactly how to
Because you are using an input syntax that requires that quotes and
backslashes be escaped. There are other input methods available that
don't require this, but they have disadvantages of their own. In
particular, you have to separate data from SQL command if you want a
no-escape-processing behav
"Matt Van Mater" <[EMAIL PROTECTED]> writes:
> I just don't see why pgsql can't return my data exactly as I entered
> it.
Because you are using an input syntax that requires that quotes and
backslashes be escaped. There are other input methods available that
don't require this, but they have disa
and this may be another instance of that
functionality.
Original Message Follows
From: Bruno Wolff III <[EMAIL PROTECTED]>
To: Matt Van Mater <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: [SQL] how to preserve \n in select statement
Date: Fri, 19 Dec 2003 15:26:07 -0600
On F
On Fri, Dec 19, 2003 at 10:06:28 -0500,
Matt Van Mater <[EMAIL PROTECTED]> wrote:
> I have a table that has a few text value types, and I enter a bunch of text
> with '\n' representing a newline. When I select the records from that
> table, postgresql 7.3 represents those \n as newlines and ac
an Mater <[EMAIL PROTECTED]>
Subject: Re: [SQL] how to preserve \n in select statement
Date: Fri, 19 Dec 2003 08:43:59 -0700
What are you using to enter and retrieve the data?
Either escape the data before you put it in the database or when you retrieve
it, whichever gives you the results you are
I have a table that has a few text value types, and I enter a bunch of text
with '\n' representing a newline. When I select the records from that
table, postgresql 7.3 represents those \n as newlines and actually outputs
a newline rather than as a \n as entered. I want to be able to get my