Home > mailing lists

Re: entrance from php to postgresql - Mailing list pgsql-php

From	John DeSoi
Subject	Re: entrance from php to postgresql
Date	July 11, 2006 17:46:04
Msg-id	7EFA12A7-3CC7-49CC-AF2C-6AC681B33F7C@pgedit.com Whole thread Raw
In response to	entrance from php to postgresql (DCarrero <dcarreroc@gmail.com>)
Responses	Re: entrance from php to postgresql (DCarrero <dcarreroc@gmail.com>)
List	pgsql-php

Tree view

On Jul 11, 2006, at 1:23 PM, DCarrero wrote:

> I was asking if this useful, or secure to do a transaction on web, or
> you recomend use a function with parameters an inside this insert
> data, thank for the information too...

If you are inserting user entered data (especially from the web) I
highly recommend you use prepared statements. This will deal with
security issues related to SQL injection. I prefer to use functions,
but it is not necessary. Here is a short article I wrote which you
might find helpful in using prepared statements from PHP:

http://pgedit.com/resource/php/pgfuncall

John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL

pgsql-php by date:

From: John DeSoi
Date: 11 July 2006, 15:41:42
Subject: Re: entrance from php to postgresql

From: DCarrero
Date: 11 July 2006, 18:27:49
Subject: Re: entrance from php to postgresql

Re: entrance from php to postgresql - Mailing list pgsql-php

Previous

Next