Re: entrance from php to postgresql

From: John DeSoi <desoi(at)pgedit(dot)com>
To: DCarrero <dcarreroc(at)gmail(dot)com>
Cc: pgsql-php(at)postgresql(dot)org
Subject: Re: entrance from php to postgresql
Date: 2006-07-11 17:44:06
Message-ID: 7EFA12A7-3CC7-49CC-AF2C-6AC681B33F7C@pgedit.com
Views: Raw Message | Whole Thread | Download mbox | Resend email
Thread:
Lists: pgsql-php


On Jul 11, 2006, at 1:23 PM, DCarrero wrote:

> I was asking if this useful, or secure to do a transaction on web, or
> you recomend use a function with parameters an inside this insert
> data, thank for the information too...

If you are inserting user entered data (especially from the web) I
highly recommend you use prepared statements. This will deal with
security issues related to SQL injection. I prefer to use functions,
but it is not necessary. Here is a short article I wrote which you
might find helpful in using prepared statements from PHP:

http://pgedit.com/resource/php/pgfuncall

John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL

In response to

Responses

Browse pgsql-php by date

  From Date Subject
Next Message DCarrero 2006-07-11 17:49:52 Re: entrance from php to postgresql
Previous Message DCarrero 2006-07-11 17:23:45 Re: entrance from php to postgresql