Re: Effectiveness of pg_escape_string at blocking SQL injection - Mailing list pgsql-php

From:
Subject: Re: Effectiveness of pg_escape_string at blocking SQL injection
Date:
Msg-id: 20050527172552.50460.qmail@web52409.mail.yahoo.com
List: pgsql-php
--- Ed Finkler <coj@cerias.purdue.edu> wrote:
> Volkan YAZICI wrote:
>
> [snip]
>
> > If you think they're not enough for SQL-Injection attacks, I'd advise
> > you to patch libpq code, not PHP.
>
> This is very helpful information.  My initial thinking is that this
> wouldn't be effective at catching SQL injections, but I'll need to
> bounce this off a few other folks.
>
> Thanks!

Do let us all know what you find out.

Bruno and all...  what are bind parameters?  How can I avoid building SQL
from user input when my SQL depends on user input?

TIA...



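Bind parameters in the setting the poster asks about, as an added example that is not part of the original thread and not code from the pgsql extension's documentation. It assumes PHP 5.2 or later (pg_query_params, and pg_escape_string taking a connection argument; both postdate this message), a hypothetical connection string and a hypothetical table users(id, name, age). It shows where pg_escape_string stops helping, what a bound value does instead, and how to handle input that has to change the statement's structure rather than a value.

```php
<?php
// Added example, not code from the thread: escaping a value into the SQL
// text versus passing it as a bind parameter with PHP's pgsql extension.
// Assumes PHP 5.2+ (pg_escape_string with a connection argument and
// pg_query_params) and a hypothetical table users(id, name, age).
$conn = pg_connect('host=localhost dbname=app user=app');   // assumed DSN
if ($conn === false) {
    die("connect failed\n");
}

// Constructed attacker-style inputs.
$name = "alice' OR '1'='1";
$age  = "0 OR 1=1";

// 1. Escaping. pg_escape_string doubles each single quote, so inside a
//    quoted literal the input cannot close the string:
//    ... WHERE name = 'alice'' OR ''1''=''1'
$sql = "SELECT id FROM users WHERE name = '" . pg_escape_string($conn, $name) . "'";

//    It is only as good as the quotes around it. Leave them out for a
//    numeric column and the escaped text is unchanged and becomes SQL:
//    ... WHERE age = 0 OR 1=1   (matches every row)
$sqlBad = "SELECT id FROM users WHERE age = " . pg_escape_string($conn, $age);

// 2. Bind parameters. The statement text is fixed and holds only $1, $2
//    placeholders; the values travel separately and are never parsed as
//    SQL, so the quoting mistake above has nothing to act on.
$res = pg_query_params(
    $conn,
    'SELECT id FROM users WHERE name = $1 AND age = $2',
    array($name, $age)
);
if ($res === false) {
    // "0 OR 1=1" is not a valid integer for the age column: the server
    // rejects the value instead of executing it.
    echo "rejected: " . pg_last_error($conn) . "\n";
}

// 3. Input that must change the statement's structure (which column to
//    sort by, for example) cannot be a bind parameter. Map it through a
//    fixed list of allowed identifiers and keep binding the values.
$allowedSort = array('name', 'age');
$sort = (isset($_GET['sort']) && in_array($_GET['sort'], $allowedSort, true))
      ? $_GET['sort']
      : 'name';
$res = pg_query_params(
    $conn,
    'SELECT id, name FROM users WHERE age >= $1 ORDER BY ' . $sort,
    array(18)
);
while ($res !== false && ($row = pg_fetch_assoc($res))) {
    echo $row['id'], ' ', $row['name'], "\n";
}
```

The rule of thumb the block illustrates: every value goes through a placeholder, and the one thing a placeholder cannot carry (an identifier or keyword) is selected from a list you wrote, never copied from the request.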
