[ubuntu-hardened] ubuntu 8.04 default PHP install
Dan Guido
dguido at gmail.com
Thu Sep 18 03:04:12 BST 2008
Hi list,

Does Ubuntu package PHP in such a way that simple tick marks used in
SQL injection attacks are automatically escaped? I see that you
patched PHP with the hardened-php patch and included the Suhosin
module; however, I was unaware they had any such functionality.

I'm trying to make an example SQL injection for a class and the script
I have is *clearly* vulnerable; however, the parameters are still being
escaped.

Thanks!
--
Dan Guido