Data Bases > Pgsql Hackers > Re: Protection ...

Latest [ Topics | Posts ]

Re: Protection from SQL injection

by lists@[EMAIL PROTECTED] (PFC) Apr 29, 2008 at 09:26 AM

On Tue, 29 Apr 2008 01:03:33 +0200, Brendan Jurd <direvus@[EMAIL PROTECTED]
> wrote:

> On Tue, Apr 29, 2008 at 7:00 AM, PFC <lists@[EMAIL PROTECTED]
> wrote:
>>  I have found that the little bit of code posted afterwards did=20=20
>> eliminate
>> SQL holes in my PHP applications with zero developer pain, actually it=
=20=20
>> is
>> MORE convenient to use than randomly pasting strings into queries.
>>
>>  You just call
>>  db_query( "SELECT * FROM table WHERE column1=3D%s AND column2=3D%s",
ar=
ray(
>> $var1, $var2 ));
>>
>
> Implementing this for yourself is crazy; PHP's Postgres extension
> already does this for you since 5.1.0:
>
> $result =3D pg_query_params("SELECT foo FROM bar WHERE baz =3D
$1",=20=20
> array($baz));
>
> http://www.php.net/manual/en/function.pg-query-params.php
>
> Cheers,
> BJ

	pg_query_params is quite slower actually...



--=20
Sent via pgsql-hackers mailing list (pgsql-hackers@[EMAIL PROTECTED]
)
To make changes to your subscription:
http://www.postgresql.org/mailpref/pgsql-hackers

56 Posts in Topic:

Protection from SQL injection

thomas.tom.mueller@[EMAIL

2008-04-28 20:55:34

Re: Protection from SQL injection

josh@[EMAIL PROTECTED] (

2008-04-28 12:09:29

Re: Protection from SQL injection

sfrost@[EMAIL PROTECTED]

2008-04-28 15:17:35

Re: Protection from SQL injection

lists@[EMAIL PROTECTED]

2008-04-28 23:00:18

Re: Protection from SQL injection

direvus@[EMAIL PROTECTED]

2008-04-29 09:03:33

Re: Protection from SQL injection

lists@[EMAIL PROTECTED]

2008-04-29 09:26:24

Re: Protection from SQL injection

sam@[EMAIL PROTECTED] (S

2008-04-29 00:15:44

Re: Protection from SQL injection

thomas.tom.mueller@[EMAIL

2008-04-29 13:37:37

Re: Protection from SQL injection

kleptog@[EMAIL PROTECTED]

2008-04-29 15:16:12

Re: Protection from SQL injection

lists@[EMAIL PROTECTED]

2008-04-29 15:29:44

Re: Protection from SQL injection

tino@[EMAIL PROTECTED] (

2008-04-29 16:35:41

Re: Protection from SQL injection

andrew@[EMAIL PROTECTED]

2008-04-29 11:05:54

Re: Protection from SQL injection

tino@[EMAIL PROTECTED] (

2008-04-30 16:47:56

Re: Protection from SQL injection

stark@[EMAIL PROTECTED]

2008-04-29 09:36:02

Re: Protection from SQL injection

pgsql@[EMAIL PROTECTED]

2008-04-29 19:44:29

Re: Protection from SQL injection

tgl@[EMAIL PROTECTED] (T

2008-04-29 10:58:17

Re: Protection from SQL injection

aidan@[EMAIL PROTECTED]

2008-04-29 11:23:04

Re: Protection from SQL injection

josh@[EMAIL PROTECTED] (

2008-04-29 11:39:09

Re: Protection from SQL injection

lists@[EMAIL PROTECTED]

2008-04-29 21:06:18

Re: Protection from SQL injection

stark@[EMAIL PROTECTED]

2008-04-29 14:19:51

Re: Protection from SQL injection

aidan@[EMAIL PROTECTED]

2008-04-29 16:01:44

Re: Protection from SQL injection

thomas.tom.mueller@[EMAIL

2008-04-29 21:29:41

Re: Protection from SQL injection

thomas.tom.mueller@[EMAIL

2008-04-29 22:18:48

Re: Protection from SQL injection

andrew@[EMAIL PROTECTED]

2008-04-29 16:33:01

Re: Protection from SQL injection

ajs@[EMAIL PROTECTED] (A

2008-04-29 16:55:21

Re: Protection from SQL injection

ajs@[EMAIL PROTECTED] (A

2008-04-29 17:23:39

Re: Protection from SQL injection

josh@[EMAIL PROTECTED] (

2008-04-29 15:24:10

Re: Protection from SQL injection

thomas.tom.mueller@[EMAIL

2008-05-01 19:00:25

Re: Protection from SQL injection

andrew@[EMAIL PROTECTED]

2008-05-01 13:09:38

Re: Protection from SQL injection

tgl@[EMAIL PROTECTED] (T

2008-05-01 13:25:07

Re: Protection from SQL injection

josh@[EMAIL PROTECTED] (

2008-04-29 14:10:20

Re: Protection from SQL injection

adsmail@[EMAIL PROTECTED]

2008-04-30 02:19:21

Re: Protection from SQL injection

singh.gurjeet@[EMAIL PROT

2008-04-30 06:17:03

Re: Protection from SQL injection

stark@[EMAIL PROTECTED]

2008-04-29 21:02:30

Re: Protection from SQL injection

josh@[EMAIL PROTECTED] (

2008-04-29 18:20:36

Re: Protection from SQL injection

ajs@[EMAIL PROTECTED] (A

2008-04-30 10:20:09

Re: Protection from SQL injection

kleptog@[EMAIL PROTECTED]

2008-04-30 22:58:34

Re: Protection from SQL injection

tgl@[EMAIL PROTECTED] (T

2008-04-30 17:33:38

Re: Protection from SQL injection

ajs@[EMAIL PROTECTED] (A

2008-05-01 09:13:27

Re: Protection from SQL injection

hannu@[EMAIL PROTECTED]

2008-04-29 23:21:10

Re: Protection from SQL injection

lists@[EMAIL PROTECTED]

2008-04-30 12:55:06

Re: Protection from SQL injection

books@[EMAIL PROTECTED]

2008-04-30 10:08:25

Re: Protection from SQL injection

thomas.tom.mueller@[EMAIL

2008-04-30 14:42:51

Re: Protection from SQL injection

thomas.tom.mueller@[EMAIL

2008-04-30 17:22:50

Re: Protection from SQL injection

singh.gurjeet@[EMAIL PROT

2008-04-30 22:41:08

Re: Protection from SQL injection

tgl@[EMAIL PROTECTED] (T

2008-04-30 13:28:19

Re: Protection from SQL injection

singh.gurjeet@[EMAIL PROT

2008-04-30 23:07:55

Re: Protection from SQL injection

aidan@[EMAIL PROTECTED]

2008-04-30 13:50:25

Re: Protection from SQL injection

stark@[EMAIL PROTECTED]

2008-05-01 11:07:08

Re: Protection from SQL injection

tgl@[EMAIL PROTECTED] (T

2008-05-01 11:26:21

Re: Protection from SQL injection

ajs@[EMAIL PROTECTED] (A

2008-05-01 11:47:04

Re: Protection from SQL injection

lists@[EMAIL PROTECTED]

2008-05-01 18:33:07

Re: Protection from SQL injection

ajs@[EMAIL PROTECTED] (A

2008-05-01 15:17:37

Re: Protection from SQL injection

fw@[EMAIL PROTECTED] (Fl

2008-05-04 19:38:45

Re: Protection from SQL injection

Chris Browne <cbbrowne

2008-05-05 10:28:12

Re: Protection from SQL injection

andrew@[EMAIL PROTECTED]

2008-05-05 14:00:30

Post A Reply:

About - Advertising - Contact - Frequently Asked Questions - Privacy Policy - Terms of Use - Signup
tan12V112 Sat Sep 6 22:54:55 CDT 2008.