Re: SQL injection

From: Hannes Dorbath <light(at)theendofthetunnel(dot)de>
To: pgsql-general(at)postgresql(dot)org
Subject: Re: SQL injection
Date: 2005-11-03 10:55:51
Message-ID: dkcqab$8v4$1@news.hub.org
Lists: pgsql-general

On 03.11.2005 04:12, Alex Turner wrote:
> I would have to say that for security purposes - I would want magic
> quotes _on_ rather than off for the whole reasons of SQL Injection
> that we already talked about.

magic_quotes is evil and does if anything only prevent the simplest
cases of SQL injections. Keep it turned off. Use
http://php.net/pg_query_params exclusively to build secure queries.

--
Regards,
Hannes Dorbath
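
The difference between escaping request data and using pg_query_params(), as an added example that is not part of the original message. It assumes the PHP pgsql extension and a reachable PostgreSQL server; the PG_DSN variable, the accounts table, its rows and the request value are constructed for illustration.

```php
<?php
// Added example, not code from the thread. PG_DSN is a hypothetical
// environment variable holding a libpq connection string.
$conn = pg_connect(getenv('PG_DSN') ?: 'dbname=test');
if ($conn === false) {
    exit("connection failed\n");
}

// Constructed sample data in a session-local table.
pg_query($conn, 'CREATE TEMP TABLE accounts (id int PRIMARY KEY, login text)');
pg_query_params($conn, 'INSERT INTO accounts VALUES ($1, $2), ($3, $4)',
                array(1, 'alice', 2, "o'brien"));

// Constructed request value for a numeric "id" parameter.
$id = '0 OR 1=1';

// magic_quotes_gpc applied addslashes() to request data. This value has no
// quote or backslash, so the "escaped" result is identical to the input.
$escaped = addslashes($id);
var_dump($escaped === $id);

// Concatenation: the value becomes part of the SQL text and rewrites the
// WHERE clause, so rows other than the requested one are returned.
$res = pg_query($conn, 'SELECT login FROM accounts WHERE id = ' . $escaped);
echo 'concatenated query returned ', pg_num_rows($res), " row(s)\n";

// pg_query_params(): the SQL text is fixed and the value is sent separately
// as parameter $1. The server treats it as data for an integer comparison
// and rejects it as invalid input instead of parsing it as SQL.
$res = @pg_query_params($conn, 'SELECT login FROM accounts WHERE id = $1',
                        array($id));
if ($res === false) {
    echo 'parameterized query rejected: ', pg_last_error($conn), "\n";
}

// A legitimate value that contains a quote needs no escaping at all.
$res = pg_query_params($conn, 'SELECT id FROM accounts WHERE login = $1',
                       array("o'brien"));
echo 'lookup by login found id ', pg_fetch_result($res, 0, 0), "\n";
```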
