Re: entrance from php to postgresql

From: John DeSoi <desoi(at)pgedit(dot)com>
To: DCarrero <dcarreroc(at)gmail(dot)com>
Cc: pgsql-php(at)postgresql(dot)org
Subject: Re: entrance from php to postgresql
Date: 2006-07-11 17:44:06
Message-ID: 7EFA12A7-3CC7-49CC-AF2C-6AC681B33F7C@pgedit.com
Lists: pgsql-php
On Jul 11, 2006, at 1:23 PM, DCarrero wrote:

> I was asking if this is useful, or secure to do a transaction on web, or
> you recommend using a function with parameters and inside this insert
> data, thanks for the information too...

If you are inserting user entered data (especially from the web) I  
highly recommend you use prepared statements. This will deal with  
security issues related to SQL injection. I prefer to use functions,  
but it is not necessary. Here is a short article I wrote which you  
might find helpful in using prepared statements from PHP:

http://pgedit.com/resource/php/pgfuncall




John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
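
The recommendation above, as an added example that is not part of John DeSoi's message or his linked article: a PHP insert of web input through a server-side prepared statement inside a transaction. The connection string, the `customers` table and its columns, and the statement name `add_customer` are assumptions made for illustration.

```php
<?php
// Added example. Connection string, table and column names are assumptions.
// Assumed schema:
//   CREATE TABLE customers (id serial PRIMARY KEY, name text, email text);

$conn = pg_connect('host=localhost dbname=shop user=webapp password=CHANGE_ME');
if ($conn === false) {
    exit("connection failed\n");
}

// Constructed sample input standing in for $_POST values. The name contains
// SQL metacharacters that would break a string-concatenated query.
$input = [
    'name'  => "Robert'); DROP TABLE customers; --",
    'email' => 'bob@example.com',
];

// The SQL text is fixed. $1 and $2 are placeholders that the server binds as
// values, so the input is never parsed as SQL. The query is single-quoted so
// PHP does not try to interpolate $1 and $2 as variables.
$stmt = pg_prepare($conn, 'add_customer',
    'INSERT INTO customers (name, email) VALUES ($1, $2) RETURNING id');
if ($stmt === false) {
    exit(pg_last_error($conn) . "\n");
}

// Run the insert inside an explicit transaction and roll back on failure.
pg_query($conn, 'BEGIN');
$result = pg_execute($conn, 'add_customer', [$input['name'], $input['email']]);
if ($result === false) {
    $err = pg_last_error($conn);
    pg_query($conn, 'ROLLBACK');
    exit("insert failed: $err\n");
}
$row = pg_fetch_row($result);
pg_query($conn, 'COMMIT');

// The hostile-looking name is stored verbatim as data in the name column.
echo "inserted customer id {$row[0]}\n";
```

If the insert is wrapped in a server-side function instead, the prepared statement text becomes a call such as `SELECT add_customer($1, $2)` (a hypothetical function name) and the parameters are bound the same way.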

