Re: PostgreSQL + Hibernate, Apache Mod Security, SQL Injection and you (a love story)

On Fri, Feb 5, 2010 at 1:09 PM, John R Pierce <pierce@hogranch.com> wrote:
> if you use parameterized calls (easy in perl, java, etc but not so easy in
> php), you're should be immune.  in the past there were some issues with
> specific evil mis-coded UTF8 sequences, but afaik, thats been cleared up for
> quite a while.

Please don't FUD php.  The usage of prepared statements is quite
simple, either with the native pg set of functions, or the PDO
abstraction layers.  PHP has plenty of issues, this is not one of
them.