Questions tagged [sql-injection]

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

SQL injection exploits a class of security vulnerability found in applications backed by SQL databases. It lets an attacker submit malicious SQL through user input so that the database executes it, which can for example extract, alter or delete sensitive data.

The vulnerability is present when user input is concatenated directly into SQL commands instead of being passed as parameters or properly filtered (also known as "sanitized", e.g. by escaping quote characters). It arises primarily from poorly written SQL handling code in the client application.

See the famous example, the Bobby Tables incident, and the answer to the community wiki question How can I prevent SQL injection in PHP?

3768 questions
100 votes, 11 answers

Do I have to guard against SQL injection if I used a dropdown?

I understand that you should NEVER trust user input from a form, mainly due to the chance of SQL injection. However, does this also apply to a form where the only input is from a dropdown(s) (see below)? I'm saving the $_POST['size'] to a Session…
Tatters
93 votes, 12 answers

Can parameterized statement stop all SQL injection?

If yes, why are there still so many successful SQL injections? Just because some developers do not use parameterized statements?
iceagle
87 votes, 9 answers

Are Parameters really enough to prevent Sql injections?

I've been preaching both to my colleagues and here on SO about the goodness of using parameters in SQL queries, especially in .NET applications. I've even gone so far as to promise them as giving immunity against SQL injection attacks. But I'm…
Rune Grimstad
86 votes, 6 answers

How can sanitation that escapes single quotes be defeated by SQL injection in SQL Server?

To start this off, I am well aware that parameterized queries are the best option, but I am asking what makes the strategy I present below vulnerable. People insist the below solution doesn't work, so I am looking for an example of why it wouldn't. If…
GBleaney
84 votes, 10 answers

Passing table name as a parameter in psycopg2

I have the following code, using psycopg2: sql = 'select %s from %s where utctime > %s and utctime < %s order by utctime asc;' data = (dataItems, voyage, dateRangeLower, dateRangeUpper) rows = cur.mogrify(sql, data) This outputs: select 'waterTemp,…
Caligari
74 votes, 2 answers

Python: best practice and securest way to connect to MySQL and execute queries

What is the safest way to run queries on MySQL? I am aware of the dangers involved with MySQL and SQL injection. However, I do not know how I should run my queries to prevent injection on the variables to which other users (webclients) can…
Lucas Kauffman
73 votes, 5 answers

How does MongoDB avoid the SQL injection mess?

I was reading my trusty O'Reilly book and came across a passage about how Mongo, by nature, avoids the morass of SQL injection-like flaws. In my gut, I think I understand this. If unsanitized vars are passed into queries, they can't break out of the…
buley
69 votes, 4 answers

Examples of SQL Injections through addslashes()?

In PHP, I know that mysql_real_escape is much safer than using addslashes. However, I could not find an example of a situation where addslashes would let an SQL Injection happen. Can anyone give some examples?
Nathan H
68 votes, 4 answers

What are good ways to prevent SQL injection?

I have to program an application management system for my OJT company. The front end will be done in C# and the back end in SQL. Now I have never done a project of this scope before; in school we had only basic lessons about SQL. Somehow our teacher…
LeonidasFett
67 votes, 14 answers

When is it best to sanitize user input?

User equals untrustworthy. Never trust untrustworthy user's input. I get that. However, I am wondering when the best time to sanitize input is. For example, do you blindly store user input and then sanitize it whenever it is accessed/used, or do you…
Aaron
65 votes, 5 answers

What is this hacker trying to do?

If you do a search for: http://www.google.co.uk/search?q=0x57414954464F522044454C4159202730303A30303A313527&hl=en&start=30&sa=N you will see a lot of examples of an attempted hack along the lines of: 1) declare @q varchar(8000) select @q =…
JW.
63 votes, 12 answers

Does CodeIgniter automatically prevent SQL injection?

I just inherited a project because the last developer left. The project is built off of Code Igniter. I've never worked with Code Igniter before. I took a quick look at the code and I see database calls in the controller like this: $dbResult =…
John
61 votes, 5 answers

Reference: What is a perfect code sample using the MySQL extension?

This is to create a community learning resource. The goal is to have examples of good code that do not repeat the awful mistakes that can so often be found in copy/pasted PHP code. I have requested it be made Community Wiki. This is not meant as a…
Pekka
61 votes, 5 answers

The ultimate clean/secure function

I have a lot of user inputs from $_GET and $_POST... At the moment I always write mysql_real_escape_string($_GET['var']).. I would like to know whether you could make a function that secures, escapes and cleans the $_GET/$_POST arrays right away, so…
Karem
59 votes, 3 answers

CSRF, XSS and SQL Injection attack prevention in JSF

I have a web application built on JSF with MySQL as DB. I have already implemented the code to prevent CSRF in my application. Now since my underlying framework is JSF, I guess I don't have to handle XSS attack as it is already handled by…
AngelsandDemons