On 2010-05-30, Martin Gainty wrote:
> I have mixed feelings about parameterised statements.
>
> On the one hand a parameterised statement would be more
> difficult for a Wireshark criminal to insert their own c**p
> into a database because they would have to know the schema
> a-priori for exampl
Heyho!
On Monday 31 May 2010 04.18:04 Dennis Gearon wrote:
> One thing, can prepared statements be done, including the 'execute',
> inside of a transaction, and what are the side effects?
Semantically, the statement is exactly like a "not prepared" statement: it
happens at execute time, the rest
e:
> From: Tom Lane
> Subject: Re: [GENERAL] vulnerability of COPY command
> To: "Pavel Stehule"
> Cc: "Dennis Gearon" , pgsql-general@postgresql.org
> Date: Sunday, May 30, 2010, 7:14 AM
> Pavel Stehule writes:
> > 2010/5/30 Dennis Gearon :
>
Pavel Stehule writes:
> 2010/5/30 Dennis Gearon :
>> If I build a text based, COPY file for bulk purposes, to be input via the
>> command line, is Postgres vulnerable to SQL injection from that?
> SQL database cannot be injected via NON SQL statements like COPY.
Well, that depends. If you cons
> Date: Sat, 29 May 2010 22:41:04 -0700
> From: gear...@sbcglobal.net
> Subject: [GENERAL] vulnerability of COPY command
> To: pgsql-general@postgresql.org
>
>
Hello
2010/5/30 Dennis Gearon :
> I'm trying to build a way to bulk load from a script to a Dbase, postgres.
>
> Using single, parameterized statements is a pretty good defense against SQL
> injection, so I use Symfony as the main user input.
>
> But for this bulk loading, it's too slow.
Ma
I'm trying to build a way to bulk load from a script to a Dbase, postgres.
Using single, parameterized statements is a pretty good defense against SQL
injection, so I use Symfony as the main user input.
But for this bulk loading, it's too slow.
If I build a text based, COPY file for bulk p