
Re: SQL injection


Hannes Dorbath wrote:
On 03.11.2005 04:12, Alex Turner wrote:

I would have to say that for security purposes - I would want magic
quotes _on_ rather than off for the whole reasons of SQL Injection
that we already talked about.


magic_quotes is evil and, if anything, only prevents the simplest cases of SQL injection. Keep it turned off. Use http://php.net/pg_query_params exclusively to build secure queries.



The problem with pg_query_params is that you will be forced to use an RC version of PHP.... I don't know about you but I think that for production sites I prefer to use the final versions.

I think that prepared statements are the best solution here, even if it's encumbering everything a little...
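The three approaches the thread compares, side by side, as an added illustration (this is not code posted by anyone in the thread). It assumes PHP 5.1 or later with the pgsql extension (pg_query_params() first shipped in PHP 5.1.0, which was still a release candidate when this was written), a reachable PostgreSQL server whose connection string is read from a placeholder PGCONN environment variable, and a throwaway `users(id integer, name text)` table created as a temporary table for the demo. addslashes() stands in for what magic_quotes_gpc did to request data.

```php
<?php
// Added example, not code from the thread.
// Assumes: PHP >= 5.1 with the pgsql extension, and a PostgreSQL connection
// string in the PGCONN environment variable (placeholder; falls back to
// 'dbname=demo'). The users table is created as a TEMP table for the demo.

declare(strict_types=1);

// 1. The pattern magic_quotes was meant to protect: SQL built by string
//    concatenation. addslashes() emulates magic_quotes_gpc. It only escapes
//    quote characters, so an integer comparison, which needs no quotes at all,
//    is not protected by it.
function find_user_concat($conn, string $id)
{
    $sql = "SELECT id, name FROM users WHERE id = " . addslashes($id);
    return pg_query($conn, $sql);
}

// 2. pg_query_params(): the SQL text is fixed and the values are sent
//    separately, so the server never reads user input as SQL. Input that is
//    not a valid integer fails the server's type check instead of changing
//    the query, and the call returns false.
function find_user_params($conn, string $id)
{
    return pg_query_params($conn, 'SELECT id, name FROM users WHERE id = $1', array($id));
}

// 3. Named prepared statement: the same separation of code and data, plus a
//    single parse/plan on the server when the statement is executed repeatedly.
function prepare_find_user($conn)
{
    return pg_prepare($conn, 'find_user', 'SELECT id, name FROM users WHERE id = $1');
}

function find_user_prepared($conn, string $id)
{
    return pg_execute($conn, 'find_user', array($id));
}

// Summarise one lookup without aborting on a rejected query.
function describe(string $label, $result): string
{
    if ($result === false) {
        return sprintf('%-9s rejected by server (no rows)', $label);
    }
    return sprintf('%-9s %d row(s)', $label, pg_num_rows($result));
}

$conn = pg_connect(getenv('PGCONN') ?: 'dbname=demo');   // placeholder DSN
if ($conn === false) {
    fwrite(STDERR, "could not connect to PostgreSQL\n");
    exit(1);
}

// Constructed sample data, visible only to this session.
pg_query($conn, 'CREATE TEMP TABLE users (id integer PRIMARY KEY, name text)');
pg_query($conn, "INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
prepare_find_user($conn);

// Constructed inputs: a legitimate id, then a value that is not an integer.
// The concatenated query returns every row for the second input; the two
// parameterised variants refuse it because '1 OR 1=1' is not an integer.
foreach (array('2', '1 OR 1=1') as $input) {
    echo "input: $input\n";
    echo '  ', describe('concat',   @find_user_concat($conn, $input)), "\n";
    echo '  ', describe('params',   @find_user_params($conn, $input)), "\n";
    echo '  ', describe('prepared', @find_user_prepared($conn, $input)), "\n";
}
```

Run it with `PGCONN='host=localhost dbname=demo user=demo' php demo.php`. The `@` operators only silence the E_WARNING that the pgsql functions raise when the server rejects a query, so that the rejection can be reported by `describe()`; in production code, check the return value and log `pg_last_error()` instead.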

