Home > mailing lists

Re: SQL injection, php and queueing multiple statement - Mailing list pgsql-general

From	Yasuo Ohgaki
Subject	Re: SQL injection, php and queueing multiple statement
Date	November 11, 2008 09:29:58
Msg-id	491955B5.6020707@ohgaki.net Whole thread Raw
In response to	SQL injection, php and queueing multiple statement (Ivan Sergio Borgonovo <mail@webthatworks.it>)
Responses	Re: SQL injection, php and queueing multiple statement
List	pgsql-general

Tree view

Developers,

It seems you are overlooking application user/system admin perspective.

I agree developers should use prepared statement, but application user or
system admins are not able to modify codes usually.

There are many PostgreSQL/MySQL applications that generating SQL statements.

MySQL's query API only allow single SQL statements at a time, while PostgreSQL
allows multiple statements. Therefore, MySQL users will likely to have less
impact from buggy codes compare to PostgreSQL users.

It would be nice to have API like PQquerySingle that allows only a single SQL
statement at a time.

--
Yasuo Ohgaki

pgsql-general by date:

From: "Sergey Konoplev"
Date: 11 November 2008, 09:27:12
Subject: Very slow queries w/ NOT IN preparation (seems like a bug, test case)

From: Diego Manilla Suárez
Date: 11 November 2008, 09:40:37
Subject: Question about weird construct

Re: SQL injection, php and queueing multiple statement - Mailing list pgsql-general

Previous

Next