05-02-2008, 06:06 AM
Andrew Dunstan
 
Re: Protection from SQL injection



Thomas Mueller wrote:
> Disabling literals is still the only way to actually protect from SQL
> injection. Except Meredith's libdejector, which is even a bit better
> as far as I see, but requires more work from the developer. I don't
> count Microsoft LINQ (or Java Quaere) currently because that would
> require a complete re-write of the application.


I honestly don't think there's any chance of this happening, for the
many good reasons previously covered in this debate.

cheers

andrew

--
Sent via pgsql-hackers mailing list (pgsql-hackers@postgresql.org)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers
