Questions tagged [sql-injection]

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

SQL injection exploits a type of computer security vulnerability found in applications that use SQL databases. It enables attackers to execute malicious SQL commands against the database via user input, and can for example extract, alter or delete sensitive data.

The vulnerability is present when user input is placed directly into SQL commands instead of being passed as parameters or properly filtered (also known as "sanitized", e.g. by escaping quote characters). It happens primarily because of poorly written SQL handling code in client applications.

See the famous example, the Bobby Tables incident, and the community wiki answer to How can I prevent SQL injection in PHP?


3768 questions
1 vote, 2 answers

MS Access - prevent SQL injection in connection string

I have an Access database that must connect to Oracle programmatically to create a linked table. The connection string is of the form: ODBC;Driver={Microsoft ODBC for Oracle};Pwd=;UID=;Server= Currently the login info is…
FrustratedWithFormsDesigner
1 vote, 0 answers

Escape user-supplied strings for QSqlTableModel.setFilter

I want to use a QSqlTableModel to give me filtered data, with the filters derived from user input. I know that I can pass a WHERE clause without the WHERE to QSqlTableModel.setFilter. That method, however, looks very permissive (eg. it can run on…
Anaphory
1 vote, 1 answer

ZAP Report is saying SQL injection

I performed a scan through ZAP; it is showing SQL injection in the report. However, I am not able to regenerate it manually. Can someone guide me? I tried to post the same request in "Postman" but it's saying "Please provide token". Click here to see…
1 vote, 3 answers

How do I write an SQL query that will safely insert a record into a variable table name?

I have a function that inserts a record into a table. The name of the table needs to be a parameter of the function, and the column names are obtained dynamically. To guard against SQL Injection, I would like to use PostgreSQL's parameterized…
Brian H.
1 vote, 1 answer

Secure full where statement when it comes as a string

I have the following C# function SomeFunction(string table, string column, string where) { Sql sql = new Sql("SELECT "); // [...] validate table and column values sql.Append(column); …
Victor
1 vote, 1 answer

Using quote_literal while inserting in plpgsql

I am new to plpgsql and it seems so confusing. I want to test the strength of quote_literal against SQL injection attacks, so I try to INSERT. I am not an expert in SQL injection attacks either; I just try to recreate examples I see. If I use…
codebot
1 vote, 1 answer

mysql query + sprintf = injection?

I always like to use other sanitizing methods (and prepared statements), but I am under certain conditions where the client doesn't want me to change a single line of his original script (I'm only going to add a plugin). I'm worried someone could…
braindamage
1 vote, 1 answer

Can this SQL pivot query be parameterized to avoid SQL injection?

I have a need to use pivot to create a result set, but part of the issue is the columns (i.e. dbo.TrainingType.Title) are a result of user input. I've thought about using a function to filter out potential keywords, or clean the user's input, but…
user1447679
1 vote, 1 answer

Duplicate-key error in MySQL triggered by count(*) on group by

Hi everyone, I was reading a SANS book about blind SQL injection. The author of the book mentions that if you want to trigger an error in MySQL, use this query and inject it in the target: 1 and (select 1 from (select count(*),concat(/*your…
zerocool
1 vote, 1 answer

PHP SQL-Injection not working

My problem is that my SQL injection isn't working. My normal login and registration are working as intended, but this important part isn't.
1 vote, 4 answers

Does prepared statement protect me from seeing garbage in my database?

Basically I started to use prepared statements after I read some articles on the internet which said that it's an easy way to prevent SQL injection. Jumping to my scenario, I have a logExit function which inserts into the DB the page that the…
paulalexandru
1 vote, 2 answers

A better way to clean data before writing to database

I'm using PHP and MySQL to power a basic forum. When users use the apostrophe (') or insert links into their post, the mysql_real_escape_string function is adding \ to the text. When displaying the post, the links don't work, and all the…
thisisready
1 vote, 2 answers

Does WordPress escape data to prevent SQL injections when using the Settings API?

I'm having a difficult time finding any information on this topic. I'm creating a plugin that allows users to add custom JS code such as, but not limited to, Google Analytics. To do this, I used the Settings API to create a settings page with a few…
user4181107
1 vote, 3 answers

Does an htaccess rewrite rule help prevent SQL Injection?

I have the following rule in .htaccess: RewriteRule ^([a-zA-Z0-9\-\_]+)/?$ test.php?&url=$1 [L]. My question is this: if I have the following URL, http://www.example.com/this-is-a-title, is the $url variable subject to SQL injection, or should I not…
kylex
1 vote, 3 answers

Query doesn't add parameters' values when executed

I want to insert multiple rows into my database. I tried to use parameters, but I did something wrong. In debug mode, the parameters do have values, but once the insert is done, I still have @compte, @mo, @userimp in my database instead of their…
FistiPaul