Home > mailing lists

Effectiveness of pg_escape_string at blocking SQL injection attacks - Mailing list pgsql-php

From	Ed Finkler
Subject	Effectiveness of pg_escape_string at blocking SQL injection attacks
Date	May 27, 2005 15:57:12
Msg-id	4297435C.20605@cerias.purdue.edu Whole thread Raw
Responses	Re: Effectiveness of pg_escape_string at blocking SQL injection attacks (Bruno Wolff III <bruno@wolff.to>) Re: Effectiveness of pg_escape_string at blocking SQL injection attacks (Volkan YAZICI <volkan.yazici@gmail.com>) Re: Effectiveness of pg_escape_string at blocking SQL injection attacks (Volkan YAZICI <volkan.yazici@gmail.com>)
List	pgsql-php

Tree view

Folks,

The php mysql api has a function "mysql_real_escape_string" that seems
to be able to thwart known SQL injection attacks -- at least the ones of
which I and other people I've discussed this with know.  I am curious to
know if pg_escape_string is as effective.  If not, what would need to be
modified to make it more effective?

(there is a possibility that I may be able to get a grad student to work
  on this at the center, so detailed responses would be appreciated.)

Thanks!

--
Ed Finkler
Web and Security Archive Administrator
CERIAS - Purdue University
http://www.cerias.purdue.edu/
v: 765.496.6762  f: 764.496.3181

pgsql-php by date:

From: Volkan YAZICI
Date: 18 May 2005, 11:46:32
Subject: Re: php5 and Pg 8.0.3 install from sources - problem

From: Bruno Wolff III
Date: 27 May 2005, 16:00:48
Subject: Re: Effectiveness of pg_escape_string at blocking SQL injection attacks

Effectiveness of pg_escape_string at blocking SQL injection attacks - Mailing list pgsql-php

Previous

Next