Re: HIPPA (was Re: Anyone know ...) - Mailing list pgsql-general

From Kevin Hunter
Subject Re: HIPPA (was Re: Anyone know ...)
Date
Msg-id 45F1AA9B.3070001@earlham.edu
Whole thread Raw
In response to Re: HIPPA (was Re: Anyone know ...)  (Kenneth Downs <ken@secdat.com>)
Responses Re: HIPPA (was Re: Anyone know ...)
List pgsql-general
>> What about an SQL injection bug that allows for increased privileges?
>
> Um, web programming 101 is that you escape quotes on user-supplied
> inputs.  That ends SQL injection.

Pardon my naivete (I'm fairly new to web/DB programming) . . . is this
the current standard method of protection from SQL injection?  How does
it compare to SQL preparation with bound variables?

Kevin

pgsql-general by date:

Previous
From: "Martin Gainty"
Date:
Subject: Re: PostgreSQL to Oracle
Next
From: Richard Broersma Jr
Date:
Subject: Re: Sw to generate ER model