Edit report at https://bugs.php.net/bug.php?id=62978&edit=1
ID: 62978 Updated by: yohg...@php.net Reported by: slokunshialgo at gmail dot com Summary: pg_select() and similar are vulnerable to SQL injection via identifier Status: Closed -Type: Security +Type: Bug Package: PostgreSQL related Operating System: * PHP Version: 5.3 - master Assigned To: yohgaki Block user comment: N Private report: Y New Comment: This fix is treated as security enhancement, so 5.3 branch won't be fixed. Previous Comments: ------------------------------------------------------------------------ [2013-08-05 10:01:11] yohg...@php.net Fixed. http://git.php.net/?p=php- src.git;a=commitdiff;h=cb8d1fc7f913085117da109f89a1e5a6cb535c09 ------------------------------------------------------------------------ [2013-06-30 21:30:40] yohg...@php.net I've made patch against PHP-5.3 https://github.com/yohgaki/php-src/compare/PHP-5.3-pg_select_fix It passes tests with PostgreSQL 9.2, but it should be tested with 8.4 or less. This patch supposed to be able to merge upto master, but not tested yet. ------------------------------------------------------------------------ [2013-06-29 20:49:22] yohg...@php.net Changed Summary to descriptive one. ------------------------------------------------------------------------ [2013-06-29 20:39:23] yohg...@php.net I think this problem existed from the beginning. So any version which have pg_select()/etc are affected. ------------------------------------------------------------------------ [2013-06-29 20:36:10] yohg...@php.net This is the way it is supposed to use. pg_select() and similar functions should automatically escape string vars, and they do. pg_select($db, 't1',['str'=>"It's a string"]); produces LOG: æ: SELECT * FROM t1 WHERE str='It''s a string'; Note that string is properly escaped. However, they don't escape identifier. This should be fixed. ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at https://bugs.php.net/bug.php?id=62978 -- Edit this bug report at https://bugs.php.net/bug.php?id=62978&edit=1