Effectiveness of pg_escape_string at blocking SQL injection attacks

From: Ed Finkler <coj(at)cerias(dot)purdue(dot)edu>
To: pgsql-php(at)postgresql(dot)org
Subject: Effectiveness of pg_escape_string at blocking SQL injection attacks
Date: 2005-05-27 15:57:16
Message-ID: 4297435C.20605@cerias.purdue.edu
Lists: pgsql-php

Folks,

The PHP MySQL API has a function "mysql_real_escape_string" that seems
to be able to thwart known SQL injection attacks -- at least the ones of
which I and other people I've discussed this with know. I am curious to
know if pg_escape_string is as effective. If not, what would need to be
modified to make it more effective?

(There is a possibility that I may be able to get a grad student to work
on this at the center, so detailed responses would be appreciated.)

Thanks!

--
Ed Finkler
Web and Security Archive Administrator
CERIAS - Purdue University
http://www.cerias.purdue.edu/
v: 765.496.6762 f: 764.496.3181
