On Fri, 2005-05-27 at 11:33 -0500, Ed Finkler wrote:
> Volkan YAZICI wrote:
>
> [snip]
>
> > If you think they're not enough for SQL-Injection attacks, I'd advise
> > you to patch libpq code, not PHP.
>
> This is very helpful information. My initial thinking is that this
> wouldn't be effective at catching SQL injections, but I'll need to
> bounce this off a few other folks.

Given the modus operandi of an SQL inject attack, this should be
perfectly effective at stopping them.

As Bruno said, however, the "bind parameters" approach is a better
approach in general.

Cheers,
Andrew McMillan.

-------------------------------------------------------------------------
Andrew @ Catalyst .Net .NZ Ltd, PO Box 11-053, Manners St, Wellington
WEB: http://catalyst.net.nz/ PHYS: Level 2, 150-154 Willis St
DDI: +64(4)803-2201 MOB: +64(272)DEBIAN OFFICE: +64(4)499-2267