Re: SQL injection, php and queueing multiple statement

From: Tom Lane <tgl(at)sss(dot)pgh(dot)pa(dot)us>
To: Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it>
Cc: pgsql-general(at)postgresql(dot)org
Subject: Re: SQL injection, php and queueing multiple statement
Date: 2008-04-12 16:39:38
Message-ID: 16968.1208018378@sss.pgh.pa.us
Lists: pgsql-general

Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it> writes:
> I may sound naive, but having a way to protect the DB from this kind
> of injection looks like a common problem; I'd thought there was
> already a common solution.

Use prepared statements.

regards, tom lane
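
The advice above, as an added example that is not part of the original message: the concatenated `pg_query()` call beside the same lookup done with `pg_prepare()`/`pg_execute()`. It assumes PHP's pgsql extension, a scratch PostgreSQL database whose connection string is in `PG_DSN` (a hypothetical variable name), and a constructed table and input.

```php
<?php
// Added example (not from the thread). Assumes the pgsql extension and a scratch
// database whose connection string is in PG_DSN (hypothetical variable name).
$conn = pg_connect(getenv('PG_DSN') ?: 'dbname=test');
if ($conn === false) {
    fwrite(STDERR, "connection failed\n");
    exit(1);
}

// Constructed demo data in a temporary table.
pg_query($conn, 'CREATE TEMP TABLE demo_users (id serial PRIMARY KEY, name text)');
pg_query($conn, "INSERT INTO demo_users (name) VALUES ('alice'), ('bob')");

function count_rows($conn): int
{
    return (int) pg_fetch_result(pg_query($conn, 'SELECT count(*) FROM demo_users'), 0, 0);
}

// Constructed hostile input: ends the string literal and queues a second statement.
$input = "alice'; DELETE FROM demo_users; --";

// 1. Vulnerable pattern: the input becomes part of the SQL text, and pg_query()
//    accepts several statements in one string. Wrapped in a transaction so the
//    demo table can be restored afterwards.
pg_query($conn, 'BEGIN');
pg_query($conn, "SELECT id FROM demo_users WHERE name = '" . $input . "'");
printf("concatenated query: %d rows left in table\n", count_rows($conn));
pg_query($conn, 'ROLLBACK');

// 2. Prepared statement: the SQL text is fixed and the input is sent separately
//    as the value of $1, so it is only ever compared against the name column.
pg_prepare($conn, 'find_user', 'SELECT id FROM demo_users WHERE name = $1');
$res = pg_execute($conn, 'find_user', [$input]);
printf("prepared statement: %d matches, %d rows left in table\n",
    pg_num_rows($res), count_rows($conn));

// 3. A prepared statement holds exactly one command, so a second statement
//    queued in the SQL text itself is refused by the server.
$two = @pg_prepare($conn, 'two_cmds', 'SELECT 1; DELETE FROM demo_users');
printf("two commands in one prepared statement: %s\n",
    $two === false ? 'rejected' : 'accepted');

pg_close($conn);
```

Binding protects values only; identifiers or SQL fragments concatenated into the text passed to `pg_prepare()` remain injectable.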
