Fix to prevent SQL injection attacks when calling setObject(int,Object,int)
Barry Lind <barry@xythos.com>
Fix to prevent SQL injection attacks when calling setObject(int,Object,int) where the Object is a String and the type is numeric (i.e. INTEGER,LONG,etc). The fix applies the standard escaping for these values. Modified Files: Tag: REL7_3_STABLE jdbc/org/postgresql/Driver.java.in jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java
Files
| Path | Change | +/− |
|---|---|---|
| src/interfaces/jdbc/org/postgresql/Driver.java.in | modified | +1 −1 |
| src/interfaces/jdbc/org/postgresql/jdbc1/AbstractJdbc1Statement.java | modified | +31 −20 |