Skip to content

Does pgx implement a way to prevent SQL Injections? #2099

Answered by jackc
DanielCoder834 asked this question in Q&A
Discussion options

You must be logged in to vote

Yes, if you are using $1, $2, etc. then SQL injection is prevented. pgx uses the PostgreSQL extended protocol / prepared statements by default where the SQL string and the arguments are passed separately to the PostgreSQL database. When using the simple protocol, pgx handles variable sanitization and interpolation.

Replies: 1 comment 3 replies

Comment options

You must be logged in to vote
3 replies
@DanielCoder834
Comment options

@jackc
Comment options

jackc Aug 6, 2024
Maintainer

@DanielCoder834
Comment options

Answer selected by DanielCoder834
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants