dbTalk Databases Forums  

SQL injections

comp.databases.postgresql

#1  news  -  03-29-2010, 11:45 AM

SQL injections
Hi, I am just wondering how to have safe parameters while avoiding the use of
parametrized queries. How does quote_literal behave against SQL injection
attempts? Is it adequate, or must we use something stronger? For example
(Perl):

use strict;
use warnings;

# Strip characters the poster considers dangerous instead of quoting them.
sub sanitize {
    my $p = shift;
    $p =~ s/[\\"'\*\#]+//g;   # drop backslashes, quotes, asterisks and '#'
    $p =~ s/-+/-/g;           # collapse runs of '-' so '--' cannot survive
    return $p;
}

In particular, I am wondering how quote_literal behaves against SQL comments.

have fun:
http://xkcd.com/327

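An added example, not part of the original post, showing in PostgreSQL what quote_literal does with the characters the sanitize sub above strips (quotes, backslashes and the `--` comment marker), and the NULL caveat the question does not mention; it assumes a throwaway `accounts` table created here:

```sql
-- Constructed table for the demonstration (not from the original post).
CREATE TEMP TABLE accounts (username text);
INSERT INTO accounts VALUES ('alice'), ('bob');

-- 1. What quote_literal produces for input containing a quote and a
--    comment marker: the quote is doubled and the whole string stays
--    inside one literal, so '--' is data, not the start of a comment.
SELECT quote_literal($$alice' OR 1=1 --$$) AS literal;
--  'alice'' OR 1=1 --'

-- Backslashes: quote_literal switches to E'' syntax and doubles them,
-- so the result is correct whatever standard_conforming_strings is.
SELECT quote_literal(E'a\\b') AS literal;
--  E'a\\b'

-- 2. Dynamic SQL built with quote_literal: the input is compared as a
--    single string value, so the hostile-looking input matches nothing.
CREATE OR REPLACE FUNCTION count_user(p_name text) RETURNS bigint
LANGUAGE plpgsql AS $fn$
DECLARE
  n bigint;
BEGIN
  EXECUTE 'SELECT count(*) FROM accounts WHERE username = '
          || quote_literal(p_name) INTO n;
  RETURN n;
END
$fn$;

SELECT count_user($$alice' OR 1=1 --$$);   -- 0
SELECT count_user('alice');                -- 1

-- 3. Caveat: quote_literal(NULL) is NULL. Concatenating it makes the
--    whole query string NULL and EXECUTE raises an error. quote_nullable
--    renders the unquoted keyword NULL instead, and format('%L') does
--    the same while handling the quoting for you.
SELECT quote_literal(NULL) IS NULL AS literal_is_null,   -- true
       quote_nullable(NULL)         AS nullable;         -- NULL
SELECT format('SELECT count(*) FROM accounts WHERE username = %L',
              $$alice' OR 1=1 --$$) AS built_query;
--  SELECT count(*) FROM accounts WHERE username = 'alice'' OR 1=1 --'
```

The contrast with the regex sanitizer is that quote_literal preserves the input and makes it inert by quoting, whereas stripping characters silently changes the data and has to anticipate every dangerous sequence.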