Has anyone seen/used this:
http://www.zend.com/codex.php?CID=324
It looks fairly inoccuous. It also claims to not load an entire dataset into
memory, i.e. uses cursors but I don't see where they're used, unless its
inherent in the PHP Pg interface.
One thing that always gets me is why people think quoting the ' in a string is
a security feature when they don't allow for someone giving \' in the
string. On the other hand I'm never sure how to protect against such 'odd
number of escapes' attacks. Anyone got any clues? Does PQescape do it?
--
Nigel Andrews
