SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
8 votes, 4 answers, 644 views
Is this function vulnerable to SQL injection?
I've this function to list products from database by category. I'm using prepared statements but wouldn't this make it pretty pointless to use them?
...
7 votes, 2 answers, 81 views
Creating ADODB Parameters on the fly
I have put together a small wrapper class to simplify creating parameterized ADODB queries with VB6/VBA. At this point I'm keeping things simple, so it's only supporting input parameters and from what ...
3 votes, 1 answer, 40 views
Making VBA generated dynamic SQL statements safe against injection
I need to use SQL extensively in VBA macros that I write. Since the DB is from our enterprise application, I use the vendor's library for this.
I generate dynamic queries, sometimes with many ...
3 votes, 1 answer, 143 views
Using POST data to call a function from a specified class
I've inherited a class in a project which is purposed to execute a function that exists in POST data from a specified class. I've tried to clean this up as much as possible as well as secure it ...