Home > mailing lists

Re: SQL injection - Mailing list pgsql-general

From	Matthew Terenzio
Subject	Re: SQL injection
Date	November 2, 2005 23:09:10
Msg-id	767911e873f98ba28df3c639f738ec3f@jobsforge.com Whole thread Raw
In response to	Re: SQL injection (Michael Glaesemann <grzm@myrealbox.com>)
Responses	Re: SQL injection (Alex Turner <armtuk@gmail.com>)
List	pgsql-general

Tree view

On Nov 2, 2005, at 6:08 PM, Michael Glaesemann wrote:

> As an aside, it's interesting to see that the PHP documentation states:
> ---
> Magic Quotes is a process that automagically escapes incoming data to
> the PHP script. It's preferred to code with magic quotes off and to
> instead escape the data at runtime, as needed.
Haven't been totally immersed in this thread but here are reasons given
for not using Magic Quotes:

http://us2.php.net/manual/en/security.magicquotes.whynot.php

And here is pg_escape_string() :

http://us3.php.net/manual/en/function.pg-escape-string.php

pgsql-general by date:

From: Patrick Hatcher
Date: 02 November 2005, 22:58:46
Subject: Re: Data Dictionary generator?

From: Tom Lane
Date: 02 November 2005, 23:12:37
Subject: Re: Lock Modes (Documentation)

Re: SQL injection - Mailing list pgsql-general

Previous

Next