Re: entrance from php to postgresql

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]




On Jul 11, 2006, at 1:23 PM, DCarrero wrote:

I was asking if this useful, or secure to do a transaction on web, or
you recomend use a function with parameters an inside this insert
data, thank for the information too...

If you are inserting user entered data (especially from the web) I highly recommend you use prepared statements. This will deal with security issues related to SQL injection. I prefer to use functions, but it is not necessary. Here is a short article I wrote which you might find helpful in using prepared statements from PHP:

http://pgedit.com/resource/php/pgfuncall




John DeSoi, Ph.D.
http://pgedit.com/
Power Tools for PostgreSQL



[Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

Add to Google Powered by Linux