Search Postgresql Archives

Re: HIPPA (was Re: Anyone know ...)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



What about an SQL injection bug that allows for increased privileges?

Um, web programming 101 is that you escape quotes on user-supplied inputs. That ends SQL injection.

Pardon my naivete (I'm fairly new to web/DB programming) . . . is this the current standard method of protection from SQL injection? How does it compare to SQL preparation with bound variables?

Kevin


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Postgresql Jobs]     [Postgresql Admin]     [Postgresql Performance]     [Linux Clusters]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Books]     [PHP Databases]     [Postgresql & PHP]     [Yosemite]
  Powered by Linux