Hi,

> providing a mode in which the server would reject PQexec strings containing
> more than one query.

That wouldn't help a lot. The simple SQL injection is not detected:

    ResultSet rs = stat.executeQuery(
        "SELECT * FROM USERS WHERE PASSWORD='" + password + "'");

An attacker would only need to use the following password:

    ' OR 1=1

The SQL statement is still only one query:

    SELECT * FROM USERS WHERE PASSWORD='' OR 1=1

Regards,
Thomas
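Added example, not part of the original message: a Python sketch of the point made above, showing that a driver which refuses multi-statement strings still runs a concatenated single-statement injection, while a bound parameter does not. Assumptions: Python's sqlite3 `execute()` (one statement per call) stands in for the proposed server mode, and the table, rows, function names and the `TAUTOLOGY` input (a variant of the password in the message) are constructed for illustration.

```python
import sqlite3

# Constructed input, same idea as the password quoted in the message.
TAUTOLOGY = "' OR '1'='1"

def make_db():
    # Constructed sample data for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn

def rejects_multiple_statements(conn):
    # sqlite3's execute() accepts exactly one statement per call; this is the
    # stand-in (an assumption) for "reject strings with more than one query".
    try:
        conn.execute("SELECT 1; SELECT 2")
    except (sqlite3.Warning, sqlite3.Error):
        return True
    return False

def lookup_concatenated(conn, password):
    # Same pattern as the executeQuery() call in the message:
    # the input is spliced into the SQL text and parsed as SQL.
    sql = "SELECT name FROM users WHERE password='" + password + "'"
    return sorted(row[0] for row in conn.execute(sql))

def lookup_parameterized(conn, password):
    # The input is bound as a value and is never parsed as SQL.
    sql = "SELECT name FROM users WHERE password=?"
    return sorted(row[0] for row in conn.execute(sql, (password,)))

if __name__ == "__main__":
    db = make_db()
    print("multi-statement rejected:", rejects_multiple_statements(db))
    print("concatenated:", lookup_concatenated(db, TAUTOLOGY))
    print("parameterized:", lookup_parameterized(db, TAUTOLOGY))
```

The one-statement restriction holds, yet the concatenated lookup returns every row; only the parameterized lookup treats the input as a password value.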