On Fri, Feb 5, 2010 at 1:09 PM, John R Pierce <pierce@xxxxxxxxxxxx> wrote: > if you use parameterized calls (easy in perl, java, etc but not so easy in > php), you're should be immune. in the past there were some issues with > specific evil mis-coded UTF8 sequences, but afaik, thats been cleared up for > quite a while. Please don't FUD php. The usage of prepared statements is quite simple, either with the native pg set of functions, or the PDO abstraction layers. PHP has plenty of issues, this is not one of them. -- Sent via pgsql-general mailing list (pgsql-general@xxxxxxxxxxxxxx) To make changes to your subscription: http://www.postgresql.org/mailpref/pgsql-general
