About half of Python libraries in PyPI may have security issues, boffins say

unimaginative

Re: Not security issues

It does quoting in the literal sense, i.e. adding quotation marks around a string:

https://www.psycopg.org/docs/usage.html#query-parameters

I think you are right regarding escaping the string - using a Postgres library intended for use in the client rather than sending anything to the server.

I assume the server then does further work when using the values where the placeholders are, but I have no real idea of what is going on there. I am afraid I use RDBMSes as magic black boxes and know very little about internals.


Biting the hand that feeds IT © 1998–2021