From: | John DeSoi <desoi(at)pgedit(dot)com> |
---|---|
To: | DCarrero <dcarreroc(at)gmail(dot)com> |
Cc: | pgsql-php(at)postgresql(dot)org |
Subject: | Re: entrance from php to postgresql |
Date: | 2006-07-11 17:44:06 |
Message-ID: | 7EFA12A7-3CC7-49CC-AF2C-6AC681B33F7C@pgedit.com |
Lists: | pgsql-php |

On Jul 11, 2006, at 1:23 PM, DCarrero wrote:

> I was asking if this is useful, or secure to do a transaction on web, or
> you recommend use a function with parameters and inside this insert
> data, thanks for the information too...

If you are inserting user-entered data (especially from the web) I
highly recommend you use prepared statements. This will deal with
security issues related to SQL injection. I prefer to use functions,
but it is not necessary. Here is a short article I wrote which you
might find helpful in using prepared statements from PHP:

http://pgedit.com/resource/php/pgfuncall

John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL
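
The recommendation above, as an added example that is not part of the original message or the linked article: user-entered values inserted through a prepared statement inside a transaction, using PHP's pgsql extension. The `guestbook` table, the statement name `add_entry`, the helper `insert_entries` and the connection string are assumptions made for illustration.

```php
<?php
// Added example. Assumed schema (not from the thread):
//   CREATE TABLE guestbook (id serial PRIMARY KEY, author text NOT NULL, body text NOT NULL);

// Hypothetical helper: inserts all entries in one transaction, returns the row count.
function insert_entries($conn, array $entries): int
{
    // The SQL text is fixed. $1 and $2 are placeholders; values are sent
    // separately and are never parsed as SQL by the server.
    // A statement name can be prepared only once per connection.
    if (pg_prepare($conn, 'add_entry',
            'INSERT INTO guestbook (author, body) VALUES ($1, $2)') === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    if (pg_query($conn, 'BEGIN') === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    $count = 0;
    foreach ($entries as $entry) {
        $res = pg_execute($conn, 'add_entry', [$entry['author'], $entry['body']]);
        if ($res === false) {
            // Any failure undoes every insert made in this transaction.
            $err = pg_last_error($conn);
            pg_query($conn, 'ROLLBACK');
            throw new RuntimeException($err);
        }
        $count += pg_affected_rows($res);
    }
    if (pg_query($conn, 'COMMIT') === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    return $count;
}

$conn = pg_connect('dbname=test'); // assumed connection string
if ($conn === false) {
    exit("connection failed\n");
}

// Constructed sample input standing in for web form fields.
$entries = [
    ['author' => 'alice',   'body' => 'hello'],
    // Quotes and SQL keywords are stored as literal text, not executed.
    ['author' => "o'brien", 'body' => "x'); DROP TABLE guestbook; --"],
];
echo insert_entries($conn, $entries), " rows inserted\n";
```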