> How can we avoid this security risk using PHP & PostgreSQL?
Be sure to verify all input from the untrusted source is valid, and after you do that, be sure to escape it using pg_escape_string() or pg_escape_bytea().
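
The validate-then-escape order described in the reply above, as an added example that is not part of the original message. The connection string, the `accounts` table and its columns, and the validation rules are hypothetical; a reachable PostgreSQL server with the `pgsql` extension is assumed.

```php
<?php
// Added example: validate first, then escape, as the reply advises.
// Assumptions (not from the original post): the connection string, the
// "accounts" table and its columns, and the validation rules are hypothetical.
declare(strict_types=1);

/** Allow-list validation: reject anything that is not a plausible username. */
function valid_username(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $name) === 1;
}

/** Build the INSERT only after validation; escape every value placed in the SQL text. */
function build_insert($conn, string $name, string $note, string $avatar): string
{
    if (!valid_username($name)) {
        throw new InvalidArgumentException('invalid username');
    }
    if (strlen($note) > 500) {
        throw new InvalidArgumentException('note too long');
    }
    // pg_escape_string() for text, pg_escape_bytea() for binary data.
    // Escaped values must still be wrapped in single quotes in the query.
    $n = pg_escape_string($conn, $name);
    $t = pg_escape_string($conn, $note);
    $b = pg_escape_bytea($conn, $avatar);
    return "INSERT INTO accounts (username, note, avatar) VALUES ('$n', '$t', '$b')";
}

$conn = pg_connect('host=localhost dbname=example user=example'); // placeholder DSN
if ($conn === false) {
    exit("connection failed\n");
}

// Constructed sample input: free text containing apostrophes, plus raw bytes.
$sql = build_insert($conn, 'alice', "it's Bob's note", "\x00\x01\xff");
echo $sql, "\n"; // each apostrophe in the note is doubled, so it stays inside the literal
pg_query($conn, $sql);

// A username that fails validation never reaches the query at all.
try {
    build_insert($conn, "bob'; --", 'x', '');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```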