SQL injection, php and queueing multiple statement

From: Ivan Sergio Borgonovo <mail(at)webthatworks(dot)it>
To: pgsql-general(at)postgresql(dot)org
Subject: SQL injection, php and queueing multiple statement
Date: 2008-04-11 19:21:28
Message-ID: 20080411212128.6c6bcb2d@webthatworks.it
Lists: pgsql-general

Is there a switch (php side or pg side) to avoid things like:

pg_query("select id from table1 where a=$i");

into becoming

pg_query("select id from table1 where a=1 and 1=1; do something nasty; -- ");

So that every pg_query(...) can contain no more than one statement?

thanks

--
Ivan Sergio Borgonovo
http://www.webthatworks.it
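
On the PHP side of the question above, as an added example that is not part of the original message: `pg_query_params()` goes through libpq's `PQexecParams`, which accepts at most one SQL command per call and sends values separately from the SQL text. The function name `find_ids` and the connection string are assumptions; the table and column names are the ones from the message.

```php
<?php
// Added example, not code from the original message.
// Assumptions: the find_ids() name and the connection string are placeholders.

/**
 * Look up ids in table1 for a caller-supplied value of column "a".
 * Returns the list of ids, or null when the input is not an integer.
 */
function find_ids($conn, string $rawInput): ?array
{
    // Reject anything that is not a plain integer before touching the database.
    $a = filter_var($rawInput, FILTER_VALIDATE_INT);
    if ($a === false) {
        return null;
    }

    // The value travels as parameter $1, separate from the SQL text, so it is
    // never parsed as SQL. The call uses the extended query protocol, which
    // allows only one command in the statement text.
    $res = pg_query_params($conn, 'select id from table1 where a = $1', [$a]);
    if ($res === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    return pg_fetch_all_columns($res, 0);
}

$conn = pg_connect('dbname=example'); // placeholder connection string
if ($conn === false) {
    exit("connection failed\n");
}

// Well-formed input: the query runs with a = 1.
var_dump(find_ids($conn, '1'));

// The string from the message fails integer validation, so no query is sent.
var_dump(find_ids($conn, '1 and 1=1; do something nasty; -- '));

// Even if a second command reaches the SQL text itself, the server refuses it
// on this code path ("cannot insert multiple commands into a prepared
// statement"), whereas pg_query() would run both commands.
$res = @pg_query_params($conn, 'select 1; select 2', []);
if ($res === false) {
    echo pg_last_error($conn), "\n";
}
```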
