Hi,
I need to write a script that operates on PostgreSQL database.
I'm a little bit confused about all this functions that prevents SQL
injections,
I mean:
- add/stripslashes
- pg_escape_string
- pg_prepare,pg_query_params
in my hosting magic_quotes_gpc is on and I could not change it.
In my script I use pg_query_params and pg_prepare, so do I still need
add/stripslashes or any other escape fuctions.
could someone explain it to me ??
thanks
