Re: Effectiveness of pg_escape_string at blocking SQL injection - Mailing list pgsql-php

From Ed Finkler
Subject Re: Effectiveness of pg_escape_string at blocking SQL injection
Date
Msg-id 42974BDD.8040807@cerias.purdue.edu
In response to Re: Effectiveness of pg_escape_string at blocking SQL injection attacks  (Volkan YAZICI <volkan.yazici@gmail.com>)
Responses Re: Effectiveness of pg_escape_string at blocking SQL  (Andrew McMillan <andrew@catalyst.net.nz>)
List pgsql-php
Volkan YAZICI wrote:

[snip]

> If you think they're not enough for SQL-Injection attacks, I'd advise
> you to patch libpq code, not PHP.

This is very helpful information.  My initial thinking is that this
wouldn't be effective at catching SQL injections, but I'll need to
bounce this off a few other folks.

Thanks!

--
Ed Finkler
Web and Security Archive Administrator
CERIAS - Purdue University
http://www.cerias.purdue.edu/
v: 765.496.6762  f: 764.496.3181
