All Questions
Tagged with sql-injection sql
19 questions
-3
votes
1
answer
112
views
Preventing PHP SQL injection on login [closed]
I had a login code like this:
...
-1
votes
2
answers
152
views
My Script Inserts users into a database and hashes the password, I need to know how to prevent SQL injection with Procedural-Oriented MySQLi [closed]
My script works but I just want to know how I can protect myself from SQL injection with Procedural Oriented MySQLi. Most of the tutorials are about Object-Oriented MySQLi and I'm not familiar with it ...
3
votes
1
answer
847
views
Does PDO::quote helps me to protect me against sql injection?
I have to process raw sql user input with Laravel. I've backed them up as follows:
...
12
votes
1
answer
317
views
Safe dynamic SQL for generic search
Prompted by discussion about SQL injection, I wanted to put a proof of concept forward to get feedback about whether this is in fact safe and protected against SQL injection or other malicious use. ...
3
votes
2
answers
332
views
Database Model Security For Book Inventory
This code is one of the models developed for the Book Inventory application that is open for review. It is also based on a comment on this answer to a C# question. Based on the comment I did some ...
1
vote
1
answer
102
views
PHP code for search page
I want to show you part of the code that I wrote to process a search request. The user commits a search by articles (codes) of products. The goal is to allow the user to write his search request to a textarea element in any ...
2
votes
2
answers
146
views
0
votes
1
answer
217
views
PHP & MySQLi Login Script - Is it safe from Injection?
I've been geeking up on MySQLi prepared statements to avoid potential SQL injection and I have managed to modify my legacy code (previously just using mysqli_real_escape_string).
I am looking for ...
3
votes
2
answers
187
views
User authentication SQL injection [closed]
Is this authentication mechanism vulnerable to SQL injection?
If so, how could one exploit it, and what is the most effective way to mitigate this?
...
2
votes
3
answers
3k
views
Booking appointments with MySQLi and PHP
The following code books one appointment for one or more slots. I have never used a database before, but have seen so many warnings regarding SQL injections. Since it has never affected me I have not ...
2
votes
2
answers
1k
views
PHP Dynamic QueryBuilder function - Security
This function is a working function, which builds a number of queries depending on the values of $_POST.
...
3
votes
1
answer
172
views
Stored procedure to query custom data tables as dynamic SQL
There's a lot going on here, but the background for why this is necessary is that there is a set schema, or 'core' set of tables that are prefixed with 'bu', and any core table can have a custom table ...
5
votes
1
answer
358
views
Validating user supplied input
I was assigned a task to fix the SQL injection flaw reported by a code analysis tool. I am not the original author of the code. I am fairly knowledgeable with SQL.
...
7
votes
2
answers
1k
views
Preventing SQL injection by converting all characters to their ASCII values
In order to prevent SQL injection, I'm converting every character of a string to be inserted in the database into its ASCII value before performing the query. In order to read the value of the string ...
2
votes
1
answer
553
views
Securing a form with image uploads
I am using PDO prepared statements to store user entered input and store that input to the database. The code will store a text input and 5 uploaded images.
Will this code protect from data SQL ...