Re: SQL safe input?

From: "Charley L(dot) Tiggs" <ctiggs(at)xpressdocs(dot)com>
To: cbraden(at)douglasknight(dot)com
Cc: pgsql-novice(at)postgresql(dot)org
Subject: Re: SQL safe input?
Date: 2005-08-26 22:07:17
Message-ID: 08213942-12FE-4445-890E-4E78B2697359@xpressdocs.com
Lists: pgsql-novice


On Aug 26, 2005, at 2:53 PM, cbraden wrote:

> Folks,
>
> I would like to know how to prevent SQL attacks on a PostgreSQL
> server.
>
> I know in MySQL you can put any input going to the DB through a
> filter which encodes anything which would be malicious into MySQL
> safe data. I need something similar in PostgreSQL. Specifically
> as a PHP implementation if it exists.

You can use pg_escape_string()

http://www.php.net/pg_escape_string

Charley
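
The function recommended in the reply above, shown in use as an added example that is not part of the original thread. It also runs the same lookup through pg_query_params(), which the thread does not mention, to show the value being passed separately from the SQL text. Assumptions: the PG_DSN environment variable (fallback 'dbname=test') points at a reachable test database, and the temporary users table and the sample inputs are constructed for illustration.

```php
<?php
// Added example, not from the original thread.
// Assumption: PG_DSN names a reachable test database; "users" is a hypothetical temp table.
$conn = pg_connect(getenv('PG_DSN') ?: 'dbname=test');
if ($conn === false) {
    fwrite(STDERR, "connection failed\n");
    exit(1);
}

// Temporary table so the example leaves nothing behind when the session ends.
pg_query($conn, 'CREATE TEMP TABLE users (id serial PRIMARY KEY, name text)');
pg_query($conn, "INSERT INTO users (name) VALUES ('alice'), ('O''Brien')");

// Constructed sample inputs: a legitimate name containing a quote, and a
// value that tries to close the string literal and widen the WHERE clause.
$inputs = ["O'Brien", "x' OR '1'='1"];

foreach ($inputs as $input) {
    // pg_escape_string() doubles embedded single quotes. The result is only
    // safe inside a quoted string literal, so the surrounding '...' is required.
    $escaped = pg_escape_string($conn, $input);
    $sql = "SELECT id, name FROM users WHERE name = '" . $escaped . "'";
    $res = pg_query($conn, $sql);
    if ($res === false) {
        fwrite(STDERR, pg_last_error($conn) . "\n");
        continue;
    }
    printf("%-16s escaped:       %d row(s)\n", $input, pg_num_rows($res));

    // Same lookup with a bound parameter: the input never becomes SQL text.
    $res = pg_query_params($conn, 'SELECT id, name FROM users WHERE name = $1', [$input]);
    if ($res === false) {
        fwrite(STDERR, pg_last_error($conn) . "\n");
        continue;
    }
    printf("%-16s parameterized: %d row(s)\n", $input, pg_num_rows($res));
}

pg_close($conn);
```

Escaping protects only values placed inside quoted literals; a value concatenated into a numeric or identifier position is not covered by pg_escape_string().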
