Effectiveness of pg_escape_string at blocking SQL injection attacks


Folks,

The PHP MySQL API has a function "mysql_real_escape_string" that seems to be able to thwart known SQL injection attacks -- at least the ones of which I and other people I've discussed this with know. I am curious to know if pg_escape_string is as effective. If not, what would need to be modified to make it more effective?

(There is a possibility that I may be able to get a grad student to work on this at the center, so detailed responses would be appreciated.)

Thanks!

--
Ed Finkler
Web and Security Archive Administrator
CERIAS - Purdue University
http://www.cerias.purdue.edu/
v: 765.496.6762  f: 764.496.3181

