Search Postgresql Archives

SQL injection, php and queueing multiple statement

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: pgsql-general@xxxxxxxxxxxxxx
Subject: SQL injection, php and queueing multiple statement
From: Ivan Sergio Borgonovo <mail@xxxxxxxxxxxxxxx>
Date: Fri, 11 Apr 2008 21:21:28 +0200
Organization: www.WebThatWorks.it

Is there a switch (php side or pg side) to avoid things like:

pg_query("select id from table1 where a=$i");

into becoming

pg_query("select id from table1 where a=1 and 1=1; do something
nasty; -- ");

So that every
pg_query(...) can contain no more than one statement?

thanks

-- 
Ivan Sergio Borgonovo
http://www.webthatworks.it

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Follow-Ups:
- Re: SQL injection, php and queueing multiple statement
  - From: Yasuo Ohgaki
- Re: SQL injection, php and queueing multiple statement
  - From: Dawid Kuroczko
- Re: SQL injection, php and queueing multiple statement
  - From: Chris Browne
- Re: SQL injection, php and queueing multiple statement
  - From: Adam Rich

Prev by Date: Re: tsearch2 and hyphenated terms
Next by Date: Re: SQL injection, php and queueing multiple statement
Previous by thread: tsearch2 and hyphenated terms
Next by thread: Re: SQL injection, php and queueing multiple statement
Index(es):
- Date
- Thread

[Index of Archives] [Postgresql Jobs] [Postgresql Admin] [Postgresql Performance] [Linux Clusters] [PHP Home] [PHP on Windows] [Kernel Newbies] [PHP Classes] [PHP Books] [PHP Databases] [Postgresql & PHP] [Yosemite]

Powered by Linux