
Re: Printf and quoting in general, SQL injection in particular


From: Emanuel Berg
Subject: Re: Printf and quoting in general, SQL injection in particular
Date: Sat, 26 Jun 2021 08:50:58 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.0.50 (gnu/linux)

Jean Louis wrote:

>>> I am thinking how can I make it safer for SQL queries.
>> 
>> SQL injection isn't avoided by not assembling queries with
>> string functions but by quoting user input.
>
> It is impossible in `emacs-libpq' package to avoid
> formatting strings and passing it to database.
>
> What is possible is to minimize it so that users' input is
> automatically quoted by the database by passing it as
> parameters instead of passing data as parameters to `format'
> [...]

Relax, this notion that you shouldn't construct file paths by
string functions, nor SQL queries for that matter, and what
more? hyperlinks? or are you allowed to do that?

These opinions are "arguably" correct at best - and that means
some people will insist (argue) they are. And maybe that's
what's happening right now?

-- 
underground experts united
https://dataswamp.org/~incal
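
The difference Jean Louis describes above (data passed as query parameters versus spliced into the SQL text with `format'), as an added Emacs Lisp example that is not from this thread or from emacs-libpq itself. It assumes the emacs-libpq API `pq:connectdb', `pq:query' with `$1'..`$n' placeholders, and `pq:escapeLiteral'; the connection string, table and column names are placeholders.

```elisp
;; Added example, not from the thread.  Assumed emacs-libpq API:
;; (pq:connectdb CONNINFO), (pq:query CONN QUERY &rest PARAMS) with
;; $1..$n placeholders, and (pq:escapeLiteral CONN STRING).
(require 'pq)

(defvar my-conn (pq:connectdb "dbname=test"))  ; placeholder conninfo

;; Fragile: the value is spliced into the SQL text, so any quote in the
;; input becomes part of the query's syntax rather than part of the data.
(defun my-find-user-format (name)
  (pq:query my-conn
            (format "SELECT id FROM users WHERE name = '%s'" name)))

;; Preferred: the value travels as a bound parameter.  The server never
;; parses it as SQL, so a name such as "O'Brien" is only ever data.
(defun my-find-user-param (name)
  (pq:query my-conn "SELECT id FROM users WHERE name = $1" name))

;; When a query really must be assembled with `format' (e.g. a dynamic
;; column list), quote each value first so it reaches the server as a
;; literal; this mirrors the "quote user input" advice in the thread.
(defun my-find-user-escaped (name)
  (pq:query my-conn
            (format "SELECT id FROM users WHERE name = %s"
                    (pq:escapeLiteral my-conn name))))

;; (my-find-user-format "O'Brien")   ; server reports a syntax error
;; (my-find-user-param "O'Brien")    ; returns the matching rows
;; (my-find-user-escaped "O'Brien")  ; also returns the matching rows
```

Identifiers (table or column names) cannot be bound as parameters, so if those come from outside the program they need `pq:escapeIdentifier' or a whitelist rather than `format' alone.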
