php pgsql security
About this tag
The php pgsql security tag covers discussions about vulnerabilities and hardening practices for the PHP pgsql extension when used with PostgreSQL databases. A key topic is CVE-2025-1735, a flaw in the extension's escaping logic that could cause crashes or injection-like behavior under specific conditions. Content includes patch guidance, vendor advisories, and mitigation steps for operators running PHP with Postgres. The tag focuses on practical security fixes and operational priorities for maintaining safe database interactions in PHP applications.
The PHP pgsql extension’s escaping logic failed a simple but critical safety check: it didn't always verify whether the PostgreSQL client library reported an error when escaping identifiers and strings. The result, tracked as CVE-2025-1735, is an availability- and stability-focused vulnerability...