
Re: HIPPA (was Re: Anyone know ...)

Kevin Hunter wrote:
What about an SQL injection bug that allows for increased privileges?

Um, web programming 101 is that you escape quotes on user-supplied inputs. That ends SQL injection.

Pardon my naivete (I'm fairly new to web/DB programming) . . . is this the current standard method of protection from SQL injection? How does it compare to SQL preparation with bound variables?

When you use SQL prepared statements it is normal for the DB driver to escape the variables for you. Well, at least it is in PHP; I can't say for other systems.


Kevin
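Added example (not from this thread) showing the three approaches being compared above, from PHP against PostgreSQL: splicing the value into the SQL text, explicit escaping with pg_escape_literal, and bound parameters with pg_query_params and PDO. The users(username, role) table, the DSN and the credentials are placeholders; the input deliberately contains an apostrophe to show why quote handling matters.

```php
<?php
// Added example, not code from the thread. Connection details are placeholders.
$conn = pg_connect("host=localhost dbname=example user=app");

// A legitimate value that happens to contain a single quote.
$user = "O'Brien";

// 1. Vulnerable: the value becomes part of the SQL text, so its quote
//    terminates the string literal and the remainder is parsed as SQL.
//    With this input that is only a syntax error; other input can change
//    what the query does. Built here for comparison, never executed.
$unsafe_sql = "SELECT role FROM users WHERE username = '$user'";

// 2. Escaping: pg_escape_literal returns a quoted, escaped literal that
//    respects the connection's encoding and standard_conforming_strings.
//    Correct when applied to every value, but the burden is on the caller
//    to remember it for each one.
$escaped_sql = "SELECT role FROM users WHERE username = "
             . pg_escape_literal($conn, $user);
$res = pg_query($conn, $escaped_sql);

// 3. Bound parameters: the statement text with the $1 placeholder and the
//    value travel separately, so the server never parses any part of $user
//    as SQL and no escaping step exists to be forgotten.
$res = pg_query_params($conn, 'SELECT role FROM users WHERE username = $1', [$user]);
$row = pg_fetch_assoc($res);

// The same binding through PDO. Emulation is switched off explicitly so
// PostgreSQL itself binds the parameter instead of the driver interpolating
// an escaped copy into the query string on the client side.
$pdo = new PDO('pgsql:host=localhost;dbname=example', 'app', '', [
    PDO::ATTR_EMULATE_PREPARES => false,
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
]);
$stmt = $pdo->prepare('SELECT role FROM users WHERE username = :username');
$stmt->execute([':username' => $user]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
```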


