Quick Links

Effectiveness of pg_escape_string at blocking SQL injection attacks

From:	Ed Finkler <coj(at)cerias(dot)purdue(dot)edu>
To:	pgsql-php(at)postgresql(dot)org
Subject:	Effectiveness of pg_escape_string at blocking SQL injection attacks
Date:	2005-05-27 15:57:16
Message-ID:	4297435C.20605@cerias.purdue.edu
Views:	Raw Message \| Whole Thread \| Download mbox \| Resend email
Thread:
Lists:	pgsql-php

Folks,

The php mysql api has a function "mysql_real_escape_string" that seems
to be able to thwart known SQL injection attacks -- at least the ones of
which I and other people I've discussed this with know. I am curious to
know if pg_escape_string is as effective. If not, what would need to be
modified to make it more effective?

(there is a possibility that I may be able to get a grad student to work
on this at the center, so detailed responses would be appreciated.)

Thanks!

--
Ed Finkler
Web and Security Archive Administrator
CERIAS - Purdue University
http://www.cerias.purdue.edu/
v: 765.496.6762 f: 764.496.3181

Responses

Re: Effectiveness of pg_escape_string at blocking SQL injection attacks at 2005-05-27 15:59:22 from Bruno Wolff III
Re: Effectiveness of pg_escape_string at blocking SQL injection attacks at 2005-05-27 16:25:52 from Volkan YAZICI
Re: Effectiveness of pg_escape_string at blocking SQL injection attacks at 2005-05-28 07:01:33 from Volkan YAZICI

Browse pgsql-php by date

	From	Date	Subject
Next Message	Bruno Wolff III	2005-05-27 15:59:22	Re: Effectiveness of pg_escape_string at blocking SQL injection attacks
Previous Message	Maura P. Jones, II	2005-05-25 23:46:23	Industry News