Questions tagged [sql-injection]

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

SQL injection exploits a type of computer security vulnerability found in applications that use SQL databases. It enables attackers to run malicious SQL commands against the database via user input and can, for example, be used to extract, alter or delete sensitive data.

The vulnerability is present when user input is placed directly into SQL commands instead of being passed as parameters or properly filtered (also known as "sanitized", e.g. by escaping quote characters). It happens primarily because of poorly written SQL-handling code in client applications.

See the famous example, the Bobby Tables incident, and the community wiki answer to How can I prevent SQL injection in PHP?

3768 questions
14 votes, 1 answer

Compose dynamic SQL string with psycopg2

I use psycopg2 in Python (2.7.10) to connect to a PostgreSQL DB. The docs are pretty clear about composition of dynamic SQL statements: Never, never, NEVER use Python string concatenation (+) or string parameters interpolation (%) to pass variables…
Dschoni
14 votes, 3 answers

Do I need to sanitize the user input in Laravel?

I am using Laravel 4 with Eloquent. When I get the user input I just use $name=Input::get('name') and then I do $a->name=$name; I don't know if the function Input::get protects me from SQL injection and XSS. If it does not, what do I have to do to…
cruster946
14 votes, 2 answers

Are there any security vulnerabilities in this PHP code?

I just got a site to manage, but am not too sure about the code the previous guy wrote. I'm pasting the login procedure below, could you have a look and tell me if there are any security vulnerabilities? At first glance, it seems like one could get…
Neil
14 votes, 2 answers

What does bind_param accomplish?

I'm learning about avoiding SQL injections and I'm a bit confused. When using bind_param, I don't understand the purpose. On the manual page, I found this example: $stmt = mysqli_prepare($link, "INSERT INTO CountryLanguage VALUES (?, ?, ?,…
EveyPortman
14 votes, 1 answer

Does the Hibernate Criteria API completely protect from SQL injection?

I am working with Hibernate to protect my website from SQL injection. I heard that the Hibernate Criteria API is more powerful than HQL. Does the Hibernate Criteria API completely protect from SQL injection?
ѕтƒ
14 votes, 3 answers

SQL injection attack - What does this do?

I have detected some failed SQL injection attacks on my website. The failed queries are of the form: SELECT 6106 FROM(SELECT COUNT(*),':sjw:1:ukt:1'x FROM information_schema.tables GROUP BY x) The ':sjw:1:ukt:1' part is specially constructed…
Ali
14 votes, 1 answer

Showing custom error message on exception: A potentially dangerous Request.Form value was detected from the client

I am using the Login Control of ASP.NET in my web application. I want to show a funny type of error on a label when this exception occurs: System.Web.HttpRequestValidationException: A potentially dangerous Request.Form value was detected from the client…
Aishwarya Shiva
13 votes, 1 answer

Dangerous query method deprecation warning on Rails 5.2.3

I am in the process of upgrading my Rails app to 5.2.3. I am using the following code in my app: MyModel.order('LOWER(name) ASC') It raises the following deprecation warning: DEPRECATION WARNING: Dangerous query method (method whose arguments are…
user11350468
13 votes, 1 answer

How to execute arbitrary parameterized SQL in Rails

For performance reasons, I need to write a new method in my Rails model that executes some arbitrary SQL: UPDATE table SET col1 = ? AND col2 = ? WHERE id = ? I understand I can use ActiveRecord::Base.connection.execute or…
nohat
13 votes, 1 answer

Is "mysqli_real_escape_string" enough to avoid SQL injection or other SQL attacks?

This is my code: $email= mysqli_real_escape_string($db_con,$_POST['email']); $psw= mysqli_real_escape_string($db_con,$_POST['psw']); $query = "INSERT INTO `users` (`email`,`psw`) VALUES ('".$email."','".$psw."')"; Could someone tell me if it…
xRobot
13 votes, 9 answers

Are there any differences between SQL Server and MySQL when it comes to preventing SQL injection?

I am used to developing in PHP/MySQL and have no experience developing with SQL Server. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about. For example, with MySQL I utilize the function…
Derek Adair
13 votes, 9 answers

Decoding mysql_real_escape_string() for outputting HTML

I'm trying to protect myself from SQL injection and am using: mysql_real_escape_string($string); When posting HTML it looks something like this:

Peter Craig
13 votes, 10 answers

ColdFusion Security

What are the best practices for securing a ColdFusion webpage from malicious users (including, but not limited to, SQL injection attacks)? Is cfqueryparam enough?
Andrew
13 votes, 4 answers

Where to use mysql_real_escape_string to prevent SQL Injection?

I'm in trouble with a group of hackers. They hacked my client's site a few times, and my client is getting angrier :( My client lost his database (which had hundreds of records) and had to enter it all again :( Now I'm following some more instructions; fixed…
designer-trying-coding
13 votes, 1 answer

Safely escape strings for SQL fragments for joins, limits, selects, and so on (not conditions) on Rails

In Ruby on Rails, for conditions, it's easy to make SQL-injection-proof queries: :conditions => ["title = ?", title] where title comes from the outside, from a web form or something like that. But what if you are using SQL fragments in other parts…
Pablo Fernandez