Questions tagged [sql-injection]

SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

SQL injection exploits a type of security vulnerability found in applications that use SQL databases. It lets an attacker send malicious SQL commands to the database through user input, for example to extract, alter or delete sensitive data.

The vulnerability is present when user input is inserted directly into SQL commands instead of being passed as parameters or properly filtered (also known as "sanitized", e.g. by escaping quote characters). It arises primarily from poorly written SQL handling code in client applications.

See the famous example, the Bobby Tables incident, and the answer to the community wiki question How can I prevent SQL injection in PHP?

3768 questions
13 votes, 1 answer

Parameterizing SQL queries in Ruby + TinyTDS

I am trying to figure out how to parameterize an SQL string before handing it off to be executed, but sadly I find a lot of this on the internet: sql = "SELECT * FROM table_name WHERE thing LIKE '%#{input}%'" Which is a bad thing...however,…
yurisich
12 votes, 7 answers

SQL Injection through mysql_query

I'm working on a site that has been hacked through SQL injection (at first glance only DB entries are corrupted with cross-site scripting). The potential vulnerability I found after looking at the code is that there are a lot of mysql_query calls whose…
AsTeR
12 votes, 3 answers

How do PHP PDO's prepared statements prevent SQL injection? What are the other benefits of using PDO? Does using PDO reduce efficiency?

I have been spotting the sentence "PHP PDO's prepared statements prevent SQL injection." How do PHP PDO's prepared statements prevent SQL injection? What are the other pros/cons of using PDO (PDO's prepared statements)? Does using PDO (PDO's…
ThinkingMonkey
12 votes, 14 answers

Is there some way to inject SQL even if the ' character is deleted?

If I remove all the ' characters from a SQL query, is there some other way to do a SQL injection attack on the database? How can it be done? Can anyone give me examples?
Niyaz
12 votes, 3 answers

Sequelize: escape string in a literal string

I can use literal in Sequelize to manually build a SQL query part: sequelize.literal(`"foo".bar ILIKE '%baz%'`) But if I want to add a var in this literal block, I now introduce a SQL injection vulnerability: sequelize.literal(`"foo".name ILIKE…
rap-2-h
12 votes, 8 answers

MySQL injection protection and vulnerability signs using PHP

What are the best ways to protect from MySQL injection? What are weaknesses I should look out for? I know what it is, but I really have no idea how vulnerable I might be. Though I have taken (what I think to be) steps toward protecting myself and my…
johnnietheblack
12 votes, 12 answers

How to notify someone that their website is vulnerable to SQL injection?

Original question: An affiliate partner of ours has a website that is vulnerable to SQL injection. We noticed this by accident (a typo in a URL triggered an enormously informative error page). Now we do not know this affiliate partner very well. We…
Jacco
12 votes, 1 answer

Sanitizing SQL query parameters in AWS Athena

In AWS Athena, there doesn't appear to be a good way to pass parameters into the SQL query. The typical way to execute is from a boto3 call, response = client.start_query_execution( QueryString='string', ClientRequestToken='string', …
user3002273
12 votes, 6 answers

Ways to prevent SQL Injection Attack & XSS in Java Web Application

I'm writing a Java class which would be invoked by a servlet filter and which checks for injection attack attempts and XSS in a Java web application based on Struts. The InjectionAttackChecker class uses regex & the java.util.regex.Pattern class to…
arya
12 votes, 4 answers

How to prevent SQL injection in MySQL's command-line shell interface?

I use a shell script to communicate with a MySQL database. MySQL supports specifying a query as a shell argument, like this: mysql my_db -B -N -e "select id from Table" However, if I have a parameter which I'd like to use in a query, how can I get…
P Shved
12 votes, 3 answers

SQL Injection and Codeigniter

Some doubts regarding CodeIgniter and its input handling capabilities. Some may be a little weird but they are doubts nonetheless. If I use the Active Record Class functions in CodeIgniter, is my input prevented against SQL injection? I read…
OrangeRind
12 votes, 4 answers

SQL injection attack - What is going on here?

Possible Duplicate: Attempted SQL injection attack - what are they trying to do? I have seen this SQL injection attempt on my site many times in the last few months. ';DECLARE @S CHAR(4000);SET…
Ryan Smith
12 votes, 1 answer

Are SQL operator functions for Entity Framework safe against SQL injection?

These functions give access to specialty functions (SqlClient) in SQL. For example 'like' or 'between'. And they also give a nicer common abstraction layer for them. Not to be confused with stored procedure(s) "functions" which is the topic of this…
Arturo Hernandez
12 votes, 4 answers

Is my PDO query safe from SQL injection?

I'm fairly new to PDO and wondering if my query below is safe from SQL injection. I'll be using this method throughout the site if so. // make connection to DB $db = new PDO('mysql:host='.$dateBaseHost.';dbname='.$dateBaseName,…
user2183216
12 votes, 4 answers

Vulnerabilities of PHP's (deprecated) mysql module vs. MySQLi & PDOs

I am in charge of maintaining and extending a PHP codebase which began in 2007 and uses the original mysql module. All user input is escaped using casting for values expected to be numerical, mysql_real_escape_string() quoted using single quotes for…
Nicholas Shanks