Re: Effectiveness of pg_escape_string at blocking SQL injection

From: Ed Finkler <coj(at)cerias(dot)purdue(dot)edu>
To: Volkan YAZICI <volkan(dot)yazici(at)gmail(dot)com>
Cc: pgsql-php(at)postgresql(dot)org
Subject: Re: Effectiveness of pg_escape_string at blocking SQL injection
Date: 2005-05-27 16:33:33
Message-ID: 42974BDD.8040807@cerias.purdue.edu
Lists: pgsql-php

Volkan YAZICI wrote:

[snip]

> If you think they're not enough for SQL-Injection attacks, I'd advise
> you to patch libpq code, not PHP.

This is very helpful information. My initial thinking is that this
wouldn't be effective at catching SQL injections, but I'll need to
bounce this off a few other folks.

Thanks!

--
Ed Finkler
Web and Security Archive Administrator
CERIAS - Purdue University
http://www.cerias.purdue.edu/
v: 765.496.6762 f: 764.496.3181
