Re: More PHP DB abstraction layer stuff

From: Dennis Gearon <gearond(at)cvc(dot)net>
To: "Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk>,Greg Stark <gsstark(at)mit(dot)edu>
Cc: pgsql-general(at)postgresql(dot)org, pgsql-interfaces(at)postgresql(dot)org
Subject: Re: More PHP DB abstraction layer stuff
Date: 2003-01-24 19:13:53
Message-ID: 2ZNYVFD2X72ONE0091WQPZXGJEC7WR.3e319071@cal-lab
Lists: pgsql-general, pgsql-interfaces

Could you elaborate on:

	Placeholders (those are in prepared queries, yes?)
	out of band?

1/24/2003 9:22:42 AM, Greg Stark <gsstark(at)mit(dot)edu> wrote:

>
>"Nigel J. Andrews" <nandrews(at)investsystems(dot)co(dot)uk> writes:
>
>But the best way to deal with this is to use placeholders and prepared queries
>and provide the data out of band. This completely sidesteps the issue and
>guarantees you can't get it wrong by mistake ever. Mixing user-provided data
>with program code is a recipe for security holes.
>
>-- 
>greg
>
>
>
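
Placeholders with out-of-band data, as discussed in this message, shown as an added example that is not part of the original thread. It uses PHP's PDO with an in-memory SQLite database as a stand-in for PostgreSQL so it runs without a server; the table, function names and inputs are constructed for illustration.

```php
<?php
// Added example. SQLite in memory stands in for PostgreSQL (assumption),
// and the users table and its rows are constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec("INSERT INTO users (name) VALUES ('alice'), ('bob')");

// In band: the value is pasted into the SQL text, so the database parses
// it as part of the statement. A quote in the data changes the query.
function find_inline(PDO $db, string $name): array {
    $sql = "SELECT name FROM users WHERE name = '" . $name . "'";
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Out of band: the SQL text contains only a placeholder. The value is
// handed over separately in execute() and is only ever treated as data.
function find_placeholder(PDO $db, string $name): array {
    $stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed inputs: a plain name, a name containing a quote, and a
// value that rewrites the WHERE clause when concatenated.
$inputs = ["alice", "O'Brien", "x' OR '1'='1"];

foreach ($inputs as $in) {
    try {
        $inline = json_encode(find_inline($db, $in));
    } catch (PDOException $e) {
        // The stray quote produced invalid SQL.
        $inline = 'SQL error';
    }
    $bound = json_encode(find_placeholder($db, $in));
    printf("%-16s inline=%-18s placeholder=%s\n", $in, $inline, $bound);
}
```

With PHP's pgsql extension the same separation is available through `pg_query_params()` or `pg_prepare()` and `pg_execute()`, which use `$1`-style placeholders and take the values as an array.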



