Folks,
The php mysql api has a function "mysql_real_escape_string" that seems
to be able to thwart known SQL injection attacks -- at least the ones of
which I and other people I've discussed this with know. I am curious to
know if pg_escape_string is as effective. If not, what would need to be
modified to make it more effective?
(there is a possibility that I may be able to get a grad student to work
on this at the center, so detailed responses would be appreciated.)
Thanks!
--
Ed Finkler
Web and Security Archive Administrator
CERIAS - Purdue University
http://www.cerias.purdue.edu/
v: 765.496.6762 f: 764.496.3181
