From: | "Nigel J(dot) Andrews" <nandrews(at)investsystems(dot)co(dot)uk> |
---|---|
To: | pgsql-general(at)postgresql(dot)org, pgsql-interfaces(at)postgresql(dot)org |
Subject: | More PHP DB abstraction layer stuff |
Date: | 2003-01-24 15:35:28 |
Message-ID: | Pine.LNX.4.21.0301241529130.28504-100000@ponder.fairway2k.co.uk |
Lists: | pgsql-general pgsql-interfaces |

Has anyone seen/used this:

http://www.zend.com/codex.php?CID=324

It looks fairly innocuous. It also claims to not load an entire dataset into
memory, i.e. uses cursors but I don't see where they're used, unless it's
inherent in the PHP Pg interface.

One thing that always gets me is why people think quoting the ' in a string is
a security feature when they don't allow for someone giving \' in the
string. On the other hand I'm never sure how to protect against such 'odd
number of escapes' attacks. Anyone got any clues? Does PQescape do it?

--
Nigel Andrews
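
The "odd number of escapes" problem raised in the message above, as an added example that is not part of the original post: a Python model of a quoting routine that escapes only `'`, beside one that escapes the backslash first, each checked with a small string-literal scanner. All function names are hypothetical, and the scanner assumes the server treats backslash as an escape character inside string literals.

```python
# Added example: model of backslash-aware SQL string-literal scanning.
# Assumption: backslash is an escape character inside '...' literals
# (PostgreSQL with standard_conforming_strings = off, or E'...' strings).

def naive_quote(s: str) -> str:
    """Flawed: escapes only the quote, leaving existing backslashes alone."""
    return "'" + s.replace("'", "\\'") + "'"

def safe_quote(s: str) -> str:
    """Escape the escape character first, then double the quote."""
    return "'" + s.replace("\\", "\\\\").replace("'", "''") + "'"

def scan_literal(sql: str, start: int = 0):
    """Return (decoded_value, trailing_sql) for the literal at sql[start].

    Raises ValueError if the literal never terminates."""
    if sql[start] != "'":
        raise ValueError("no opening quote")
    out, i = [], start + 1
    while i < len(sql):
        c = sql[i]
        if c == "\\" and i + 1 < len(sql):           # backslash consumes next char
            out.append(sql[i + 1]); i += 2
        elif c == "'" and sql[i + 1:i + 2] == "'":   # '' is one literal quote
            out.append("'"); i += 2
        elif c == "'":                               # unescaped quote ends literal
            return "".join(out), sql[i + 1:]
        else:
            out.append(c); i += 1
    raise ValueError("unterminated literal")

def round_trips(quote, value: str) -> bool:
    """True when quote(value) parses back to exactly value, nothing left over."""
    try:
        decoded, rest = scan_literal(quote(value))
    except ValueError:
        return False
    return decoded == value and rest == ""

# Constructed inputs: benign text, a plain quote, backslash-quote, trailing backslash
SAMPLES = ["plain", "O'Reilly", "a\\'b", "ends with \\"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), "naive:", round_trips(naive_quote, s),
              "safe:", round_trips(safe_quote, s))
```

In application code, the driver's own escaping function or a parameterized query takes the place of a hand-written `safe_quote`.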