Re: SQL safe input?
From | Bruno Wolff III |
---|---|
Subject | Re: SQL safe input? |
Date | |
Msg-id | 20050826204415.GA11078@wolff.to |
In response to | SQL safe input? (cbraden <cbraden@douglasknight.com>) |
Responses | Re: SQL safe input? Re: SQL safe input? |
List | pgsql-novice |

On Fri, Aug 26, 2005 at 15:53:14 -0400, cbraden <cbraden@douglasknight.com> wrote:
> Folks,
>
> I would like to know how to prevent SQL attacks on a postgreSQL server.
>
> I know in mySQL you can put any input going to the DB through a filter
> which encodes anything which would be malicious into mySQL safe data. I
> need something similar in postgreSQL. Specifically as a php
> implementation if it exists.

IMO the best way to do this is to use bind parameters to pass user input
to queries. Then you don't need to escape anything. You might still check
for very long strings.
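
The bind-parameter approach suggested in the reply above, shown with PHP's pgsql extension as an added example that is not part of the original message. The connection string, the `users` and `comments` tables and the 64-byte limit are assumptions.

```php
<?php
// Added example. Table names, columns, limits and the connection string are assumptions.
const MAX_NAME_BYTES = 64;

function find_user($conn, string $name): array
{
    // The length check the reply mentions: reject oversized input early.
    if (strlen($name) > MAX_NAME_BYTES) {
        throw new InvalidArgumentException('name too long');
    }
    // $1 is a placeholder. The value is sent separately from the SQL text,
    // so quotes or semicolons in $name are data, never SQL syntax.
    $res = pg_query_params($conn,
        'SELECT id, name FROM users WHERE name = $1', [$name]);
    if ($res === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    return pg_fetch_all($res) ?: [];
}

function add_comments($conn, int $userId, array $bodies): int
{
    // Prepare once per connection, then execute with different bound values.
    if (pg_prepare($conn, 'add_comment',
            'INSERT INTO comments (user_id, body) VALUES ($1, $2)') === false) {
        throw new RuntimeException(pg_last_error($conn));
    }
    $inserted = 0;
    foreach ($bodies as $body) {
        $res = pg_execute($conn, 'add_comment', [$userId, $body]);
        if ($res === false) {
            throw new RuntimeException(pg_last_error($conn));
        }
        $inserted += pg_affected_rows($res);
    }
    return $inserted;
}

$conn = pg_connect('dbname=example'); // assumed connection string
if ($conn === false) {
    exit("connection failed\n");
}
// Constructed inputs containing a quote and a semicolon; no escaping is applied anywhere.
var_dump(find_user($conn, "O'Brien"));
var_dump(add_comments($conn, 1, ["it's fine", 'semi;colon']));
```

Placeholders can only stand for values; table or column names taken from user input still need an allow-list.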