| From: | DCarrero <dcarreroc(at)gmail(dot)com> |
|---|---|
| To: | "John DeSoi" <desoi(at)pgedit(dot)com> |
| Cc: | pgsql-php(at)postgresql(dot)org |
| Subject: | Re: entrance from php to postgresql |
| Date: | 2006-07-11 17:49:52 |
| Message-ID: | 5887d1f40607111049i545d7207u284ed61b5934b31d@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-php |
2006/7/11, John DeSoi <desoi(at)pgedit(dot)com>:
>
> On Jul 11, 2006, at 1:23 PM, DCarrero wrote:
>
> > I was asking if this useful, or secure to do a transaction on web, or
> > you recomend use a function with parameters an inside this insert
> > data, thank for the information too...
>
> If you are inserting user entered data (especially from the web) I
> highly recommend you use prepared statements. This will deal with
> security issues related to SQL injection. I prefer to use functions,
> but it is not necessary. Here is a short article I wrote which you
> might find helpful in using prepared statements from PHP:
>
> http://pgedit.com/resource/php/pgfuncall
Thanks again :D
| From | Date | Subject | |
|---|---|---|---|
| Next Message | DCarrero | 2006-07-11 20:50:48 | Re: entrance from php to postgresql |
| Previous Message | John DeSoi | 2006-07-11 17:44:06 | Re: entrance from php to postgresql |