Re: [SQL] how to preserve \n in select statement

2003-12-20 Thread Matt Van Mater
> Because you are using an input syntax that requires that quotes and
> backslashes be escaped.  There are other input methods available that
> don't require this, but they have disadvantages of their own.  In
> particular, you have to separate data from SQL command if you want a
> no-escape-processing behavior for data.

right, I was looking for the alternate input methods that you allude to.  I
have been unable to find an example of exactly how to do this.

>> I think this behavior stems from a security problem psql had a while
>> back where escape characters were being interpreted, and this may be
>> another instance of that functionality.
>
> Matt, you have no idea what you are talking about.

I readily admit that I didn't read much into it, but I think you are
mistaken.  If you look at the following links you will see that PostgreSQL
definitely had a vulnerability that allowed SQL injection through the use of
escape characters.  I was simply saying that this behavior might be a way of
preventing that from happening again.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0802
http://cert.uni-stuttgart.de/doc/postgresql/escape/


---(end of broadcast)---
TIP 3: if posting/reading through Usenet, please send an appropriate
 subscribe-nomail command to [EMAIL PROTECTED] so that your
 message can get through to the mailing list cleanly


Re: [SQL] how to preserve \n in select statement

2003-12-20 Thread Tom Lane
"Matt Van Mater" <[EMAIL PROTECTED]> writes:
>> In particular, you have to separate data from SQL command if you want a
>> no-escape-processing behavior for data.

> right, I was looking for the alternate input methods that you allude to.  I 
> have been unable to find an example of exactly how to do this.

The best way at the moment is to use the parameterized-statement
features that are new in 7.4.  If using libpq, see PQexecParams()
and siblings.

regards, tom lane
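Added example, not code from the thread or from PostgreSQL itself: the two input paths Tom contrasts, in C. `escape_for_literal` does the doubling that the quoted-literal path needs under the 7.4-era escape rules (later releases with standard_conforming_strings on treat backslashes in plain literals literally), while `run_with_param`, compiled with -DUSE_LIBPQ and linked with -lpq, sends the same data through PQexecParams with no escaping at all; the connection string and the `SELECT $1::text` query are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Old-style input path: the value is pasted into the command text as a
 * quoted literal, so every backslash and quote in the data must be doubled,
 * otherwise the server's escape processing turns a two-character "\n" into
 * a newline (or, with a stray quote, into injected SQL). Caller frees. */
char *escape_for_literal(const char *data)
{
    size_t n = strlen(data);
    char *out = malloc(2 * n + 3);   /* worst case: every char doubled, 2 quotes, NUL */
    char *p = out;
    if (!out)
        return NULL;
    *p++ = '\'';
    for (; *data; data++) {
        if (*data == '\\' || *data == '\'')
            *p++ = *data;            /* double the special character */
        *p++ = *data;
    }
    *p++ = '\'';
    *p = '\0';
    return out;
}

#ifdef USE_LIBPQ
#include <libpq-fe.h>
/* Parameterized path (7.4+): the command carries only a $1 placeholder and
 * the data travels separately, so the SQL lexer never sees it and no
 * escaping is needed. Prints what the server hands back. */
int run_with_param(const char *conninfo, const char *data)
{
    PGconn *conn = PQconnectdb(conninfo);   /* conninfo is an assumed value */
    const char *values[1] = { data };
    PGresult *res;
    if (PQstatus(conn) != CONNECTION_OK) {
        fprintf(stderr, "connect failed: %s", PQerrorMessage(conn));
        PQfinish(conn);
        return 1;
    }
    res = PQexecParams(conn, "SELECT $1::text", 1, NULL, values, NULL, NULL, 0);
    if (PQresultStatus(res) == PGRES_TUPLES_OK)
        printf("server returned: %s\n", PQgetvalue(res, 0, 0));
    PQclear(res);
    PQfinish(conn);
    return 0;
}
#endif
```

With the literal path, the data `a\nb` (backslash, n) has to be sent as `'a\\nb'`; with the parameterized path it is sent as-is and comes back unchanged.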
