Re: Escaping metacharacters
From: Oliver Elphick
Subject: Re: Escaping metacharacters
Date:
Msg-id: 1090188550.25749.105.camel@linda
In reply to: Escaping metacharacters (DarkSamurai <julio@invlaid.linux.net>)
Responses: Re: Escaping metacharacters
List: pgsql-hackers
On Thu, 2004-07-15 at 23:02, DarkSamurai wrote:
> Hi,
>
> To prevent SQL injections, I try to neutralize SQL metacharacters.
>
> ex:
>
> Code:
>
> function SQLString($s) {
>     // Double backslashes before escaping quotes: doing it afterwards would
>     // turn the escaping backslash of \' into \\ and leave the quote bare.
>     $s = str_replace("\\", "\\\\", $s);
>     $s = str_replace("'", "\\'", $s);
>     return "'" . $s . "'";
> }

Have you looked at the function PQescapeString() in the libpq library? Using that would seem to be a simpler way of solving this problem. Libraries such as Perl DBI have similar functions built in.

--
Oliver Elphick olly@lfix.co.uk
Isle of Wight http://www.lfix.co.uk/oliver
GPG: 1024D/A54310EA 92C8 39E7 280E 3631 3F0E 1EC0 5664 7A2F A543 10EA
========================================
"For God so loved the world, that he gave his only begotten Son, that whosoever believeth in him should not perish, but have everlasting life." John 3:16
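Added example, not part of the thread and not code from either poster or from libpq. It re-implements the posted SQLString() logic in Python to show why the order of the two replacements matters on a server that honours backslash escapes, and then contrasts hand-rolled escaping with a parameterised query, using the standard-library sqlite3 module as a stand-in for libpq's PQexecParams(). The libpq routine the reply points to, PQescapeString(), has since been superseded by PQescapeStringConn(), which takes the connection so it knows the client encoding and the standard_conforming_strings setting; the sample table rows and the hostile inputs below are constructed for the demonstration.

```python
import sqlite3


def sql_string_quote_first(s: str) -> str:
    """Escaper in the order originally posted: quotes first, then backslashes.
    The backslash step doubles the backslash that the quote step just
    inserted, so the quote ends up unescaped."""
    s = s.replace("'", "\\'")
    s = s.replace("\\", "\\\\")
    return "'" + s + "'"


def sql_string_backslash_first(s: str) -> str:
    """Same two replacements with the steps swapped, so the escaping
    backslash placed in front of a quote is not itself doubled afterwards."""
    s = s.replace("\\", "\\\\")
    s = s.replace("'", "\\'")
    return "'" + s + "'"


def literal_terminates_early(quoted: str) -> bool:
    """Scan a single-quoted literal the way a server with backslash escapes
    enabled would: a backslash consumes the next character, a bare quote
    ends the literal. Returns True when the literal closes before its final
    character, i.e. everything after that point would be parsed as SQL."""
    if not quoted.startswith("'"):
        raise ValueError("expected a single-quoted literal")
    i = 1
    while i < len(quoted):
        c = quoted[i]
        if c == "\\":
            i += 2          # escaped character, whatever it is
            continue
        if c == "'":
            return i != len(quoted) - 1
        i += 1
    return False            # unterminated literal: not an early close


def lookup_user(name: str) -> list:
    """Parameterised query: the value travels separately from the SQL text,
    so the application needs no escaping logic at all."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    # Constructed sample rows; one name contains a quote on purpose.
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("O'Brien",)])
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()
    conn.close()
    return [r[0] for r in rows]


if __name__ == "__main__":
    hostile = "x' OR 1=1 --"   # constructed hostile input
    for fn in (sql_string_quote_first, sql_string_backslash_first):
        lit = fn(hostile)
        print(f"{fn.__name__}: {lit!r}  closes early: {literal_terminates_early(lit)}")
    print(lookup_user("O'Brien"))        # ["O'Brien"]
    print(lookup_user("' OR '1'='1"))    # []
```

The scanner is deliberately naive (no E'' strings, no dollar quoting, no encoding awareness), which is exactly the point of the reply: the server's own rules for what ends a literal depend on settings and encoding that application-side string replacement cannot see, so the escaping belongs in the client library, or better still is avoided entirely by sending values as parameters.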