Questions tagged [sql-injection]

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

SQL injection exploits a type of computer security vulnerability found in applications that use SQL databases. It lets attackers submit malicious SQL commands to the database through user input, for example to extract, alter or delete sensitive data.

The vulnerability is present when user input is placed directly into SQL commands instead of being passed as parameters or properly filtered (also known as "sanitized", e.g. by escaping quote characters). It happens primarily because of poorly written SQL handling code in client applications.

See the famous example, the Bobby Tables incident, and the community wiki answer to the question How can I prevent SQL injection in PHP?


3768 questions
17 votes, 3 answers

A PHP function to prevent SQL Injections and XSS

I am trying to make my PHP as secure as possible, and the two main things I am trying to avoid are MySQL injections and Cross-Site Scripting (XSS). This is the script I got against MySQL injections: function make_safe($variable) { $variable =…
LonelyWebCrawler
17 votes, 1 answer

Entity Framework + sql injection

I'm building up an IQueryable where I am applying relevant filters, and I come across this line of code here. items = items.OrderBy(string.Format("{0} {1}", sortBy, sortDirection)); Is this snippet vulnerable to SQL injection? Or are these (string)…
alexhuang
17 votes, 1 answer

Is a SQLAlchemy query vulnerable to injection attacks?

I have the following query that uses like to search a blog. I am not sure if I'm making myself vulnerable to a SQL injection attack if I do this. How is SQLAlchemy handling this? Is it safe? search_results =…
nobody
17 votes, 1 answer

Double Hyphen/Dash in SQL-Injection. What are they used for?

I'm currently learning how SQL injections work. On many teaching websites there are examples shown, such as SELECT fieldlist FROM table WHERE field = 'x' AND email IS NULL; --'; In the field 'field' the content that's going to be checked comes from…
Officer Bacon
17 votes, 3 answers

Is the @Query annotation in spring SQL Injection safe?

Do the parameters of a string passed to the @Query annotation, for Spring, get treated as pure data as they would if, for example, you were using the PreparedStatement class or any method meant to prevent SQL injection? final String MY_QUERY =…
Usman Mutawakil
17 votes, 5 answers

Do you have any SQL Injection Testing "Ammo"?

When reading about SQL injection and XSS I was wondering if you guys have a single string that could be used to identify those vulnerabilities and others. A string that could be thrown into a website database to black-box check if that field is safe…
Ólafur Waage
17 votes, 4 answers

When should I use prepared statements?

Originally I used mysql_connect and mysql_query to do things. Then I learned of SQL injection, so I am trying to learn how to use prepared statements. I understand how the prepare and execute functions of the PDO class are useful to prevent SQL…
G.SINGH
17 votes, 3 answers

Do I have to use mysql_real_escape_string if I bind parameters?

I have the following code: function dbPublish($status) { global $dbcon, $dbtable; if(isset($_GET['itemId'])) { $sqlQuery = 'UPDATE ' . $dbtable . ' SET active = ? WHERE id = ?'; $stmt = $dbcon->prepare($sqlQuery); $stmt->bind_param('ii',…
Babak
17 votes, 3 answers

Is mysqli_real_escape_string safe?

I'm new to PHP and I've realised that my database connection, using a PHP form (with user and pass text inputs), was totally unsafe. This was working, but was unsafe:
Rosamunda
17 votes, 3 answers

How do I sanitize SQL without using prepared statements

For some SQL statements I can't use a prepared statement, for instance: SELECT MAX(AGE) FROM ? For instance when I want to vary the table. Is there a utility that sanitizes SQL in Java? There is one in Ruby.
mr.gaffo
17 votes, 3 answers

SQL Server - Dynamic PIVOT Table - SQL Injection

Sorry for the long question, but this contains all the SQL I've used to test the scenario, to hopefully make it clear what I'm doing. I'm building up some dynamic SQL to produce a PIVOT table in SQL Server 2005. Below is code to do this. With…
Robin Day
16 votes, 4 answers

Escaping user input from database necessary?

So I know about MySQL injection and always escape all my user input before putting it in my database. However, I was wondering: imagine a user tries to submit a query to inject, and I escape it. What if I then at a later moment take this value from…
Kokos
16 votes, 4 answers

Where are ORMs vulnerable to SQL injection?

When using ORMs (Entity Framework, LINQ to SQL, NHibernate ...), are SQL injection attacks mitigated by design? If not, where should I be doing some extra validation/scrubbing to prevent a vulnerability?
Brandon
16 votes, 1 answer

Executing Named Queries in Athena

We want to execute a parameterized query in Athena using the JavaScript SDK by AWS. It seems Athena's named query may be the way to do it, but the documentation seems very cryptic about how to go about doing this. It would be great if someone can…
16 votes, 1 answer

Why is it safe to write GraphQL queries client-side?

GraphQL was recently released, and it seems to encourage writing your queries client-side. What is it that makes it safe to write GraphQL queries client-side, but not SQL queries? Is GraphQL not subject to injections? If it's so useful to have your…
tybro0103