On Fri, Dec 4, 2009 at 10:56 AM, Don Baccus <dhog...@pacifier.com> wrote:
> On Dec 4, 2009, at 10:29 AM, Jeff Rogers wrote:
>>
>> Unfortunately the postgres driver doesn't protect against dml
>> injection.
>
> The bind variable emulation does. It essentially does the quoting that an
> earlier poster recommended one do manually.
>
> No muss, no fuss...

The problem remains for other databases using the ns_db APIs. The quoting examples are general, but don't always work. Reason: some databases don't allow quoting numeric/integer types. Another problem is working with nulls. You can't quote null and postgresql distinguishes the empty string from null.

tom jackson
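
The type-dependent quoting described in the reply above, as an added Tcl example that is not part of the original thread and is not AOLserver code. The proc name `sql_literal`, its type names and the `users` table are hypothetical; because Tcl has no null value, the caller asks for null explicitly instead of passing an empty string.

```tcl
# Added example: render a Tcl value as an SQL literal according to its
# declared type. sql_literal and the type names are hypothetical.
proc sql_literal {type {value ""}} {
    switch -exact -- $type {
        null {
            # Bare keyword: quoting it would store the string 'NULL'.
            return NULL
        }
        integer {
            # Emitted unquoted for databases that reject quoted numbers,
            # so it must be validated strictly before it is interpolated.
            if {![regexp {^-?[0-9]+$} $value]} {
                error "not an integer: [list $value]"
            }
            return $value
        }
        text {
            # Double embedded single quotes; "" becomes '' and not NULL.
            return '[string map {' ''} $value]'
        }
        default {
            error "unknown type: $type"
        }
    }
}

# Constructed sample values for a hypothetical users(id, name, nick) table.
set sql "INSERT INTO users (id, name, nick) VALUES (\
[sql_literal integer 42], [sql_literal text {O'Brien}], [sql_literal null])"
puts $sql

# The empty string and null stay distinct.
puts "[sql_literal text {}] vs [sql_literal null]"

# A non-numeric "integer" is rejected instead of being interpolated.
if {[catch {sql_literal integer 12abc} msg]} {
    puts "rejected: $msg"
}
```

Where the driver offers bind variables or their emulation, as described earlier in the thread, that remains the simpler route; a helper like this only applies when SQL text has to be assembled by hand.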