| From: | Robert Treat <xzilla(at)users(dot)sourceforge(dot)net> |
|---|---|
| To: | "Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk> |
| Cc: | Sir Mordred The Traitor <mordred(at)s-mail(dot)com>, pgsql-hackers(at)postgresql(dot)org |
| Subject: | Re: Little note to php coders |
| Date: | 2002-10-08 13:27:40 |
| Message-ID: | 1034083660.6801.1.camel@camel |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-hackers |
This is one of the reasons I usually recommend running with magic quotes
on, it provides a bit of insurance for those spots where your data
validation is not up to snuff.
Robert Treat
On Tue, 2002-10-08 at 06:11, Nigel J. Andrews wrote:
> On Tue, 8 Oct 2002, Sir Mordred The Traitor wrote:
>
> > Check out this link, if you need something to laugh at:
> > http://www.postgresql.org/idocs/index.php?1'
> >
> > Keeping in mind, that there are bunch of overflows in PostgreSQL(really?),
> > it is
> > very dangerous i guess. Right?
>
> I'm not sure what list this really fits onto so I've left as hackers.
>
> The old argument about data validation and whose job it is. However, is there a
> reason why all CGI parameters aren't scanned and rejected if they contain
> any punctuation. I was going to say if they contain anything non alphanumeric
> but then I'm not sure about internationalisation and that test.
>
>
> --
> Nigel J. Andrews
>
>
> ---------------------------(end of broadcast)---------------------------
> TIP 3: if posting/reading through Usenet, please send an appropriate
> subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
> message can get through to the mailing list cleanly
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Jan Wieck | 2002-10-08 13:32:50 | Re: Pinning a table into memory |
| Previous Message | Shridhar Daithankar | 2002-10-08 12:58:01 | Re: Hot Backup |