Questions tagged [sql-injection]

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL is inserted into an input field (or any other attacker-controlled value) so that the database executes it, e.g. to dump the database contents to the attacker.

SQL injection exploits a vulnerability found in applications that build SQL queries from untrusted input. It lets an attacker run SQL of their own choosing against the database through ordinary user input, for example to read, alter or delete sensitive data or to bypass authentication checks.

The vulnerability is present when user input is concatenated directly into the text of an SQL statement, instead of being passed as a bound parameter (prepared statement / placeholder) or, failing that, escaped correctly for the specific database and connection character set (often called "sanitizing", e.g. escaping quote characters). The root cause is application code that assembles queries as strings, not a defect in the database server: the server cannot tell which parts of the statement it receives were meant to be data.

See the well-known "Bobby Tables" example (the xkcd strip) and the community-wiki answer to How can I prevent SQL injection in PHP?
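
As an added example (not part of the tag wiki or of any question below), here is the same login lookup built both ways in Python against an in-memory SQLite database. The table, its rows and the tautology payload are constructed for the demonstration; the function names are my own.

```python
"""Added example (not from the tag wiki): string-built query vs. bound
parameters, run against a constructed in-memory SQLite database."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small, constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, pw TEXT)")
    conn.executemany(
        "INSERT INTO users (name, pw) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "letmein")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, pw: str) -> list:
    """User input is spliced into the SQL text, so the input can change the
    structure of the statement, not just the values it compares against."""
    sql = f"SELECT name FROM users WHERE name = '{name}' AND pw = '{pw}'"
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn: sqlite3.Connection, name: str, pw: str) -> list:
    """Placeholders: the driver hands the values to the engine separately from
    the SQL text, so a quote in the input is just a quote in the data."""
    sql = "SELECT name FROM users WHERE name = ? AND pw = ?"
    return [row[0] for row in conn.execute(sql, (name, pw))]


def demo() -> dict:
    """Run the constructed tautology payload through both versions."""
    conn = make_db()
    # Closes the string literal, ORs in an always-true condition, and comments
    # out the rest of the WHERE clause (the password check).
    payload = "' OR '1'='1' --"
    return {
        "vulnerable": login_vulnerable(conn, payload, "wrong"),
        "parameterized": login_parameterized(conn, payload, "wrong"),
        "legit": login_parameterized(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

With the payload as the user name and a wrong password, the string-built version returns every user (the WHERE clause has become `name = '' OR '1'='1'`), while the parameterized version returns no rows because it looks for a user literally named `' OR '1'='1' --`. Escaping can be done correctly, but it has to be done for the right database and character set on every path; placeholders remove the problem instead of managing it.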

3768 questions

21 votes, 16 answers

How can I avoid SQL injection attacks in my ASP.NET application?

I need to avoid being vulnerable to SQL injection in my ASP.NET application. How might I accomplish this?
balaweblog (14,982 rep; 28 gold, 73 silver, 95 bronze badges)

21 votes, 1 answer

Sanitizing user inputs with Spring MVC framework

I am working on a web application using the Spring MVC framework. I wanted to know: is there any best way to sanitize user inputs, or a common method to sanitize all the user inputs in Spring, to avoid XSS and SQL injection attacks?
Kishan_KP (4,488 rep; 6 gold, 27 silver, 46 bronze badges)

21 votes, 12 answers

How should I pass a table name into a stored proc?

I just ran into a strange thing... there is some code on our site that is taking a giant SQL statement, modifying it in code by doing some search and replace based on some user values, and then passing it on to SQL Server as a query. I was thinking…
Beska (12,445 rep; 14 gold, 77 silver, 112 bronze badges)
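
An added example (not from the question or its answers) of the usual fix when an identifier such as a table name has to vary: a table name cannot be bound as a parameter, so it is checked against an allow-list and quoted as an identifier, while the row value still goes through a placeholder. Python with SQLite; `ALLOWED_TABLES`, the table names and the rows are constructed for the demo, and `count_rows_unsafe` reproduces the search-and-replace approach the question describes.

```python
"""Added example (not from the question): allow-listed identifier plus bound
value, next to the search-and-replace query building the question describes."""
import sqlite3

# Constructed for the demo: the only tables this code path may ever touch.
ALLOWED_TABLES = frozenset({"orders", "invoices"})


def quote_ident(name: str) -> str:
    """Quote an SQL identifier with double quotes, doubling any embedded one.
    Applied only after the allow-list check: defence in depth, not the control."""
    return '"' + name.replace('"', '""') + '"'


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed tables, one of which must never be
    reachable from this code path."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE orders   (id INTEGER PRIMARY KEY, customer TEXT);
        CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer TEXT);
        CREATE TABLE secrets  (id INTEGER PRIMARY KEY, customer TEXT);
        INSERT INTO orders   (customer) VALUES ('acme'), ('globex');
        INSERT INTO invoices (customer) VALUES ('acme');
        INSERT INTO secrets  (customer) VALUES ('do-not-expose');
    """)
    return conn


def count_rows_unsafe(conn: sqlite3.Connection, table: str, customer: str) -> int:
    """Search-and-replace on a template: both the identifier and the value are
    spliced into the SQL text verbatim, so either one can rewrite the query."""
    template = "SELECT COUNT(*) FROM {TABLE} WHERE customer = '{CUSTOMER}'"
    sql = template.replace("{TABLE}", table).replace("{CUSTOMER}", customer)
    return conn.execute(sql).fetchone()[0]


def count_rows_safe(conn: sqlite3.Connection, table: str, customer: str) -> int:
    """Identifier: allow-listed, then quoted. Value: bound as a parameter."""
    if table not in ALLOWED_TABLES:
        raise ValueError(f"table not permitted: {table!r}")
    sql = f"SELECT COUNT(*) FROM {quote_ident(table)} WHERE customer = ?"
    return conn.execute(sql, (customer,)).fetchone()[0]


if __name__ == "__main__":
    db = make_db()
    print(count_rows_unsafe(db, "secrets", "do-not-expose"))   # reads a table it should not
    print(count_rows_unsafe(db, "orders", "x' OR '1'='1"))      # value breaks out of the literal
    print(count_rows_safe(db, "orders", "acme"))
    print(count_rows_safe(db, "orders", "x' OR '1'='1"))        # compared as a value: 0
```

The same pattern applies to column names, sort directions and anything else that has to appear in the statement text rather than as a value: map the user's choice onto a fixed set of known-good identifiers and reject everything else. Inside a stored procedure that builds dynamic SQL the rule is identical; the procedure boundary does not make the concatenation safe.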

21 votes, 6 answers

Testing if a site is vulnerable to Sql Injection

I was reading about SQL injection and I understand how it works if there is a form where the user can enter his username and login. What I don't get is how websites without a login page can be vulnerable to SQL…
Developer Android (577 rep; 3 gold, 5 silver, 21 bronze badges)

20 votes, 12 answers

What does mysql_real_escape_string() do that addslashes() doesn't?

Why do we need DB-specific functions like mysql_real_escape_string()? What can it do that addslashes() doesn't? Ignoring for the moment the superior alternative of parameterized queries, is a webapp that uses addslashes() exclusively still…
Michael Borgwardt (342,105 rep; 78 gold, 482 silver, 720 bronze badges)
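
An added example (not from the question or its answers) of the difference the question is asking about: escaping has to know the connection character set. `addslashes_bytes` emulates PHP's addslashes() at the byte level; `escape_charset_aware` is a simplified stand-in for what a charset-aware escaper such as mysql_real_escape_string() does, not the MySQL client library's actual algorithm. The GBK inputs are constructed for the demonstration.

```python
"""Added example (not from the question): byte-wise escaping vs. charset-aware
escaping on constructed GBK input. Python only; the PHP functions are emulated."""

CHARSET = "gbk"
# 0xBF 0x5C is one complete two-byte character in GBK, and its second byte is
# the ASCII backslash. Decoded here so no literal needs to be hard-coded.
MB_CHAR = b"\xbf\x5c".decode(CHARSET)


def addslashes_bytes(data: bytes) -> bytes:
    """addslashes()-style escaping: a backslash before every 0x27, 0x22, 0x5C
    and 0x00 byte, with no idea where multi-byte characters begin or end."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)


def escape_charset_aware(data: bytes, charset: str = CHARSET) -> bytes:
    """Decode with the connection charset, escape per character, re-encode,
    so a backslash is never inserted inside a multi-byte sequence. Input that
    is not valid in that charset is rejected rather than guessed at."""
    try:
        text = data.decode(charset)
    except UnicodeDecodeError as exc:
        raise ValueError(f"input is not valid {charset}: {data!r}") from exc
    escaped = text.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')
    return escaped.encode(charset)


def bare_quote_survives(escaped: bytes, charset: str = CHARSET) -> bool:
    """Read the escaped bytes the way a server using `charset` would: a
    backslash consumes the next character; an unconsumed single quote would
    terminate the string literal and hand control to the attacker."""
    text = escaped.decode(charset)
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2          # escaped character: skip it
            continue
        if text[i] == "'":
            return True
        i += 1
    return False


def demo() -> dict:
    """The classic case: a lone GBK lead byte 0xBF followed by a quote, plus a
    legitimate GBK string that happens to end in a quote."""
    lone_lead = b"\xbf'"
    legit = (MB_CHAR + "'").encode(CHARSET)        # b"\xbf\x5c'"
    results = {
        "addslashes(lone lead byte)": bare_quote_survives(addslashes_bytes(lone_lead)),
        "addslashes(valid GBK char)": bare_quote_survives(addslashes_bytes(legit)),
        "charset-aware(valid GBK char)": bare_quote_survives(escape_charset_aware(legit)),
    }
    try:
        escape_charset_aware(lone_lead)
        results["charset-aware(lone lead byte)"] = "escaped"
    except ValueError:
        results["charset-aware(lone lead byte)"] = "rejected"
    return results


if __name__ == "__main__":
    for label, outcome in demo().items():
        print(f"{label}: {outcome}")
```

On the lone lead byte, addslashes() turns `BF 27` into `BF 5C 27`; a server reading GBK sees `BF 5C` as one character and `27` as a bare quote, so the literal is closed. The same byte-wise escaping also mangles a legitimate character whose trail byte is 0x5C. The charset-aware version either escapes per character or refuses undecodable input. In PHP the real function takes its charset from the connection (set with mysql_set_charset(), not with a `SET NAMES` query), which is why the question's "DB-specific" part matters; bound parameters sidestep the whole issue.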

20 votes, 6 answers

In PHP when submitting strings to the database should I take care of illegal characters using htmlspecialchars() or use a regular expression?

I am working on a form with the possibility for the user to use illegal/special characters in the string that is to be submitted to the database. I want to escape/negate these characters in the string and have been using htmlspecialchars(). However,…
Brook Julias (2,085 rep; 9 gold, 29 silver, 44 bronze badges)

20 votes, 7 answers

Am I immune to SQL injections if I use stored procedures?

Let's say on a MySQL database (if it matters).
z-boss (17,111 rep; 12 gold, 49 silver, 81 bronze badges)

20 votes, 1 answer

PostgreSQL - DB user should only be allowed to call functions

Currently I'm using PostgreSQL for my application. Since I am trying to put every SQL that contains a transaction (i.e. insert, update, delete) in a function, I stumbled upon this problem: Is it possible that a database user may only be allowed to…

19 votes, 1 answer

SQL Injection Detection - Have compiled regexes... looking for test injections

Over the weekend I've compiled a list of regexes to check for SQL injections in GET, POST and COOKIE superglobals. They are by all accounts very effective in detecting if a SQL injection is found. I've run lots of injection attacks that I've seen on…
buggedcom (1,537 rep; 2 gold, 18 silver, 34 bronze badges)

19 votes, 8 answers

Bad Code: Why is this dangerous?

Possible Duplicate: Can I protect against SQL Injection by escaping single-quote and surrounding user input with single-quotes? String badInput = rawInput.replace("'","''"); ResultSet rs = statement.executeQuery("SELECT * FROM records…
Epaga (38,231 rep; 58 gold, 157 silver, 245 bronze badges)
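
An added example (not from the question or its answers) of why doubling single quotes is not a general defence: it only helps when the value lands inside a single-quoted literal. Python with an in-memory SQLite database; the table, rows and inputs are constructed, and `double_quotes` reproduces the question's `rawInput.replace("'","''")`.

```python
"""Added example (not from the question): quote doubling in a string context
vs. a numeric context, against a constructed in-memory SQLite database."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE records (id INTEGER PRIMARY KEY, owner TEXT, note TEXT);
        INSERT INTO records (owner, note) VALUES ('alice', 'alice note'), ('bob', 'bob note');
    """)
    return conn


def double_quotes(raw: str) -> str:
    """The question's rawInput.replace("'", "''")."""
    return raw.replace("'", "''")


def notes_by_owner(conn: sqlite3.Connection, raw_owner: str) -> list:
    """String context: the value sits between single quotes, so a doubled
    quote stays inside the literal. Holds in SQLite, which has no backslash
    escapes; see the note below for MySQL."""
    sql = f"SELECT note FROM records WHERE owner = '{double_quotes(raw_owner)}'"
    return [row[0] for row in conn.execute(sql)]


def notes_by_id(conn: sqlite3.Connection, raw_id: str) -> list:
    """Numeric context: there are no quotes to break out of, so the same
    'escaping' changes nothing and the input is parsed as SQL."""
    sql = f"SELECT note FROM records WHERE id = {double_quotes(raw_id)}"
    return [row[0] for row in conn.execute(sql)]


def notes_by_id_param(conn: sqlite3.Connection, raw_id) -> list:
    """Bound parameter: the input is compared as a value, whatever it contains."""
    sql = "SELECT note FROM records WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (raw_id,))]


if __name__ == "__main__":
    db = make_db()
    print(notes_by_owner(db, "x' OR 1=1 --"))     # [] : doubling worked here
    print(notes_by_id(db, "0 OR 1=1"))            # both notes: doubling did nothing
    print(notes_by_id_param(db, "0 OR 1=1"))      # [] : compared as a value
```

Two further caveats a reviewer of the question's code would raise. First, the doubling is only correct if every call site wraps the value in single quotes; the numeric case above shows what happens when one does not. Second, on MySQL with its default backslash escaping an input of `\' OR 1=1 -- ` becomes `\'' OR 1=1 -- `, where the backslash escapes the first quote and the second quote closes the literal, so quote doubling alone fails there even in a string context. `statement.executeQuery` with a concatenated string is the pattern to replace; a `PreparedStatement` with `?` placeholders removes both problems.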

19 votes, 7 answers

Does this code prevent SQL injection?

Background: I've been contracted to analyze an existing Data Provider and I know the following code is faulty; but in order to point out how bad it is, I need to prove that it's susceptible to SQL injection. Question: What "Key" parameter could break…
Josh Stodola (81,538 rep; 47 gold, 180 silver, 227 bronze badges)

18 votes, 5 answers

function to sanitize input to Mysql database

I am trying to put a general purpose function together that will sanitize input to a Mysql database. So far this is what I have: function sanitize($input){ if(get_magic_quotes_qpc($input)){ $input = trim($input); // get rid of white…
crmepham (4,676 rep; 19 gold, 80 silver, 155 bronze badges)

18 votes, 2 answers

How is SQL injection typically stopped in a Spring/Hibernate setup

I hate the Ruby language because it's not statically typed but the more time I spend with Spring/Hibernate I appreciate more of Ruby on Rails' features. Specifically the fact that their Active Record model prevents SQL injection for you. How is this…
Matthew Stopa (3,793 rep; 6 gold, 42 silver, 51 bronze badges)

18 votes, 4 answers

Am I safe from a MySQL injection?

Is the following good enough to avoid a SQL injection? mysql_real_escape_string(htmlentities (urlencode($_POST['postmessage'])));
user342391 (7,569 rep; 23 gold, 66 silver, 88 bronze badges)

18 votes, 1 answer

SQL injection hacks and django

Coming from a jsp and servlet background I am interested to know how django copes with SQL injection hacks. As a servlet and jsp developer I would use prepared statements which gives me some form of protection. How does django cope with custom…
Dean (8,668 rep; 17 gold, 57 silver, 86 bronze badges)