Re: SQL injection - Mailing list pgsql-general

From Hannes Dorbath
Subject Re: SQL injection
Date
Msg-id dkcqab$8v4$1@news.hub.org
In response to Re: SQL injection  (Alex Turner <armtuk@gmail.com>)
List pgsql-general
On 03.11.2005 04:12, Alex Turner wrote:
> I would have to say that for security purposes - I would want magic
> quotes _on_ rather than off for the whole reasons of SQL Injection
> that we already talked about.

magic_quotes is evil and does, if anything, only prevent the simplest
cases of SQL injections. Keep it turned off. Use
http://php.net/pg_query_params exclusively to build secure queries.


--
Regards,
Hannes Dorbath
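
The point made in the message above, as an added example that is not part of the original post: quote escaping of the kind magic_quotes applied leaves a value in an unquoted numeric context untouched, while pg_query_params sends the value separately from the SQL text. The `accounts` table with an integer `id` column, the `PG_CONNSTR` environment variable and the sample input are assumptions made for illustration.

```php
<?php
// Constructed sample of request data (not taken from the thread).
$id = '0 OR 1=1';

// magic_quotes_gpc ran addslashes() over request data; emulate that step.
$escaped = addslashes($id);

// Before: the query is built by string concatenation. The value lands in an
// unquoted numeric context, so there is no quote character for addslashes()
// to escape and the WHERE clause is rewritten by the input.
$unsafe_sql = "SELECT name FROM accounts WHERE id = $escaped";
echo "escaping changed the value: ", var_export($escaped !== $id, true), "\n";
echo "string-built query:         ", $unsafe_sql, "\n";

// After: the SQL text is a constant and the value travels as parameter $1.
// The single-quoted PHP string keeps "$1" literal.
$safe_sql = 'SELECT name FROM accounts WHERE id = $1';

// Hypothetical connection string, e.g. "host=localhost dbname=test user=test".
$conn_str = getenv('PG_CONNSTR');
if ($conn_str === false || !function_exists('pg_connect')) {
    echo "PG_CONNSTR not set or pgsql extension missing; skipping live query\n";
    exit(0);
}

$db = pg_connect($conn_str);
if ($db === false) {
    fwrite(STDERR, "could not connect to PostgreSQL\n");
    exit(1);
}

$res = pg_query_params($db, $safe_sql, array($id));
if ($res === false) {
    // With an integer column the server refuses to parse the text as a
    // number; the input is never interpreted as SQL.
    echo "parameterized query rejected the value: ", pg_last_error($db), "\n";
} else {
    while ($row = pg_fetch_assoc($res)) {
        echo "row: ", $row['name'], "\n";
    }
}
pg_close($db);
```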
