Home > mailing lists

SQL injection, php and queueing multiple statement - Mailing list pgsql-general

From	Ivan Sergio Borgonovo
Subject	SQL injection, php and queueing multiple statement
Date	April 11, 2008 19:21:38
Msg-id	20080411212128.6c6bcb2d@webthatworks.it Whole thread Raw
Responses	Re: SQL injection, php and queueing multiple statement ("Adam Rich" <adam.r@sbcglobal.net>) Re: SQL injection, php and queueing multiple statement ("Dawid Kuroczko" <qnex42@gmail.com>) Re: SQL injection, php and queueing multiple statement (Yasuo Ohgaki <yohgaki@ohgaki.net>)
List	pgsql-general

Tree view

Is there a switch (php side or pg side) to avoid things like:

pg_query("select id from table1 where a=$i");

into becoming

pg_query("select id from table1 where a=1 and 1=1; do something
nasty; -- ");

So that every
pg_query(...) can contain no more than one statement?

thanks

--
Ivan Sergio Borgonovo
http://www.webthatworks.it

pgsql-general by date:

From: Oleg Bartunov
Date: 11 April 2008, 18:07:22
Subject: Re: tsearch2 and hyphenated terms

From: "Adam Rich"
Date: 11 April 2008, 19:27:10
Subject: Re: SQL injection, php and queueing multiple statement

SQL injection, php and queueing multiple statement - Mailing list pgsql-general

Previous

Next