Skip site navigation (1)
Skip section navigation (2)
Peripheral Links
Header And Logo
|
Site Navigation
Re: Protection from SQL injection
- From: PFC <lists(at)peufeu(dot)com>
- To: "Brendan Jurd" <direvus(at)gmail(dot)com>
- Cc: "Thomas Mueller" <thomas(dot)tom(dot)mueller(at)gmail(dot)com>, pgsql-hackers(at)postgresql(dot)org
- Subject: Re: Protection from SQL injection
- Date: Tue, 29 Apr 2008 09:26:24 +0200
- Message-id: <op(dot)uac2yav2cigqcu(at)apollo13(dot)peufeu(dot)com>
On Tue, 29 Apr 2008 01:03:33 +0200, Brendan Jurd <direvus(at)gmail(dot)com> wrote:
On Tue, Apr 29, 2008 at 7:00 AM, PFC <lists(at)peufeu(dot)com> wrote:I have found that the little bit of code posted afterwards did eliminate SQL holes in my PHP applications with zero developer pain, actually it isMORE convenient to use than randomly pasting strings into queries. You just call db_query( "SELECT * FROM table WHERE column1=%s AND column2=%s", array( $var1, $var2 ));Implementing this for yourself is crazy; PHP's Postgres extension already does this for you since 5.1.0:$result = pg_query_params("SELECT foo FROM bar WHERE baz = $1", array($baz));http://www.php.net/manual/en/function.pg-query-params.php Cheers, BJ
pg_query_params is quite slower actually...
- Follow-Ups:
- Re: Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- References:
- Protection from SQL injection
- From: Thomas Mueller
- Re: Protection from SQL injection
- From: PFC
- Re: Protection from SQL injection
- From: Brendan Jurd
- Protection from SQL injection
- Prev by Date: Re: [COMMITTERS] pgsql: Increase the statement_timeout value used in the prepared_xacts
- Next by Date: Re: we don't have a bugzilla
- Previous by thread: Re: Protection from SQL injection
- Next by thread: Re: Protection from SQL injection
- Indexes: