Questions tagged [sql-injection]

SQL injection is a security vulnerability that lets an attacker execute arbitrary SQL statements against a database by supplying crafted input. It typically arises from dynamic SQL: statements built in the application by concatenating strings with user-controlled data, so that the data is parsed as part of the statement rather than treated as a value.

0 votes
2 answers
194 views

The application in question is integrating with BigImportantThing (BIT). Part of our application's job is to provide a better interface, so this is something to resolve within our application. The ...
Mr Redstoner
0 votes
1 answer
358 views

I want the user to be able to provide a custom WHERE statement against a MySQL-backed platform... do I need to worry about any possible SQL injection attacks notwithstanding invalid SQL? See the ...
Sanchke Dellowar
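The question above asks whether a user-supplied WHERE clause can be accepted safely. The usual practitioner answer is to not accept SQL text at all: take a structured filter instead and compile it to SQL, with column names and operators drawn from an allowlist (identifiers cannot be bound as parameters, so they must be checked, not escaped) and every value passed as a bind parameter. The example below is added here and is not code from the question or its answers; `build_where`, `ALLOWED_COLUMNS`, the tickets table and its rows are all constructed for the demonstration, and SQLite stands in for MySQL.

```python
import sqlite3

# Allowlists: identifiers and operators cannot be bound as query parameters,
# so they are checked for membership in a fixed set rather than escaped.
ALLOWED_COLUMNS = {"id", "status", "owner", "created_at"}
ALLOWED_OPERATORS = {"=", "!=", "<", "<=", ">", ">=", "LIKE"}
MAX_CLAUSES = 10  # bound the work a single request can cause


def build_where(filters: list) -> tuple:
    """Compile [(column, operator, value), ...] into (" WHERE ...", params).

    Column and operator come from the allowlists and are the only things that
    reach the SQL text; every value is returned as a bind parameter.
    """
    if not filters:
        return "", []
    if len(filters) > MAX_CLAUSES:
        raise ValueError("too many filter clauses")
    clauses, params = [], []
    for column, op, value in filters:
        if column not in ALLOWED_COLUMNS:
            raise ValueError(f"column not allowed: {column!r}")
        op = op.upper()
        if op not in ALLOWED_OPERATORS:
            raise ValueError(f"operator not allowed: {op!r}")
        clauses.append(f'"{column}" {op} ?')
        params.append(value)
    return " WHERE " + " AND ".join(clauses), params


def is_rejected(filters: list) -> bool:
    """True if build_where refuses the filter (used to show what gets blocked)."""
    try:
        build_where(filters)
    except ValueError:
        return True
    return False


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a small tickets table in an in-memory SQLite DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tickets (id INTEGER, status TEXT, owner TEXT, created_at TEXT)")
    conn.executemany("INSERT INTO tickets VALUES (?, ?, ?, ?)", [
        (1, "open", "alice", "2024-01-05"),
        (2, "closed", "bob", "2024-02-10"),
        (3, "open", "bob", "2024-03-01"),
    ])
    return conn


def query_tickets(conn: sqlite3.Connection, filters: list) -> list:
    where, params = build_where(filters)
    sql = "SELECT id, status, owner FROM tickets" + where + " ORDER BY id"
    return conn.execute(sql, params).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(query_tickets(db, [("status", "=", "open"), ("owner", "=", "bob")]))
    # An injection attempt in a value is just a string nobody is named after.
    print(query_tickets(db, [("owner", "=", "bob' OR '1'='1")]))
    # Attempts to smuggle SQL through the identifier or operator slots are refused.
    print(is_rejected([("owner; DROP TABLE tickets", "=", "x")]))
```

Because the SQL text is assembled only from allowlisted tokens and `?` placeholders, a value such as `bob' OR '1'='1` is compared as an ordinary string, and anything placed in the column or operator slot that is not on the allowlist is rejected before any query runs. If the requirement really is free-form SQL, that cannot be made safe by escaping; the fallback is a dedicated read-only database account with access limited to a view of exactly the data the user is entitled to see.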
-1 votes
3 answers
173 views

Let's say a user goes to the login page of my website and creates an account. Instead of entering their real name, they decide to write some SQL code and try to gain access to my database. I have ...
Cole
1 vote
1 answer
1k views

At my workplace we're soon going to be tasked with removing SQL injection vulnerabilities from a large code base. The application was originally written around 8 years ago and after years of bolt-ons ...
Adam Copley
60 votes
16 answers
14k views

The way I see it, SQL injection attacks can be prevented by: carefully screening, filtering, and encoding input (before insertion into SQL); using prepared statements / parameterized queries. I suppose that ...
Dennis
1 vote
1 answer
1k views

I am learning database connections from the MySQL Connector/Python Developer Guide. This is the code I am using to insert data: conn = mysql.connector.connect(user="user", password="password", host="127....
CS GO
1 vote
4 answers
701 views

I've written a database model class in PHP and have written a controller class that specifically validates the data before sending it to the db. I'm getting criticism that I should handle the data in ...
Syntax Error
2 votes
1 answer
757 views

I have developed a web application using Zend Framework, MySQL, and other client-side technologies like JavaScript, jQuery AJAX, Kendo Grid, and so on. I have completed development and have done ...
웃웃웃웃웃
0 votes
2 answers
3k views

I thought Doctrine 2 DBAL prepared statements were safe from SQLi. But I found this confusing bit in the docs: By default the Doctrine DBAL does no escaping. Escaping is a very tricky business to ...
ChocoDeveloper
108 votes
7 answers
10k views

I've been hired by someone to do some small work on a site. It's a site for a large company. It contains very sensitive data, so security is very important. Upon analyzing the code, I've noticed it's ...
MaiaVictor
5 votes
1 answer
511 views

One of the things that annoys me about SQL is that it can't think in terms of objects, and its lack of encapsulation makes me constantly have to escape commands to prevent injections. I want a database ...
DrinkJavaCodeJava
7 votes
5 answers
881 views

I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection ...
Austin Smith
13 votes
3 answers
997 views

All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back ...
Chris Walton
1 vote
2 answers
2k views

I'm running ColdFusion 8 and SQL Server 2008. I've been building several forms that insert data into the database from external users; we have a custom-built security module built by the guy who I'...
Snow_Mac
15 votes
6 answers
770 views

A chap I'm bidding to do some development for has a social network he wrote himself. Not the next Facebook by any stretch, but a few thousand local users. I went to have a look at it to see what ...
bencoder