Re: SQL injection

From Kevin Murphy
Subject Re: SQL injection
Date
Msg-id 43676D4A.9090908@genome.chop.edu
In reply to Re: SQL injection  ("Matthew D. Fuller" <fullermd@over-yonder.net>)
Responses Re: SQL injection  (Tom Lane <tgl@sss.pgh.pa.us>)
Re: SQL injection  (Benjamin Smith <lists@benjamindsmith.com>)
List pgsql-general
Can some knowledgeable person set the record straight on SQL injection,
please?  I thought that the simple answer was to use prepared statements
with bind variables (except when you are letting the user specify whole
chunks of SQL, ugh), but there are many people posting who either don't
know about prepared statements or know something I don't.

Thanks,
Kevin Murphy

P.S.  I don't use PHP, but google informs me that PHP definitely has
prepared statement options: PEAR::DB, PDO in 5.X+, etc.
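To illustrate the point the message raises, here is an added example (not part of the thread, and not PostgreSQL or PHP code): the string-concatenated query beside the bind-variable form, plus the case the message flags as the exception, where the user picks a "whole chunk of SQL" such as a column name and bind variables cannot help, so an allowlist is used instead. It assumes Python's standard-library sqlite3 as an offline stand-in for a PostgreSQL connection, with a constructed two-row users table.

```python
import sqlite3


def make_db():
    # Constructed sample data; sqlite3 stands in for PostgreSQL so this runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.com"), ("bob", "bob@example.com")],
    )
    return conn


def lookup_concat(conn, name):
    # Vulnerable form: the input is spliced into the SQL text, so a quote in
    # the input changes the structure of the statement, not just a value.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_bound(conn, name):
    # Prepared form: the statement is parsed with a placeholder and the input
    # is passed separately as a bind variable, so it can only ever be data.
    return [row[0] for row in conn.execute(
        "SELECT email FROM users WHERE name = ?", (name,))]


# Bind variables carry values, not identifiers: a column name in ORDER BY
# cannot be bound, so user-chosen identifiers must be checked against an
# allowlist before being placed into the SQL text.
ALLOWED_ORDER_COLUMNS = ("name", "email")


def list_sorted(conn, order_by):
    if order_by not in ALLOWED_ORDER_COLUMNS:
        raise ValueError("unsupported sort column: %r" % order_by)
    return [row[0] for row in conn.execute(
        "SELECT name FROM users ORDER BY " + order_by)]
```

With the constructed input `' OR '1'='1`, `lookup_concat` returns every row while `lookup_bound` returns none, because the bound value is compared literally against the name column.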
