SQL injection is a code injection technique used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.


9 votes, 2 answers, 483 views

SQL injection safety check

I was wondering if my code is safe for SQL injection. This code just checks if the username exists in my db or not. ...

7 votes, 2 answers, 446 views

Protect database from SQL Injection and similar attacks - PHP

I am doubtful about the security of my PHP code. I am new to programming, but want to learn how to secure things, protect my databases from SQL injection, and other best practices. I'd like to know if ...

0 votes, 0 answers, 12 views

Are these linked server queries susceptible to SQL injection? [migrated]

I'm using a stored procedure to generate a create table script on the fly based on parameters passed into it. I am validating that the server exists, and then validating if the table exists in the ...

3 votes, 2 answers, 79 views

POST security with PDO?

So I have some code that works as PDO. But is it secure? I'm trying to prevent SQL injection. This is my first PDO script and was hoping to see if it was done correctly. Here it is. ...

4 votes, 2 answers, 153 views

Injections and query

I made a class that connects to my DB and inserts some values. Is it secure or how can I protect this further from injections? The object declaration will come from variables with POST from a form, ...

1 vote, 2 answers, 56 views

Where to protect DB data against XSS injections?

To protect my web site against XSS injection, I am using OWASP Encoding Project. Is it a good idea to protect all data retrieved in my DB to avoid XSS by going through all the data just returned by ...

7 votes, 2 answers, 96 views

How is my injection protection?

What do I need to do to prevent injections? In addition, if I have any statement/parameter errors, please tell me. ...

-2 votes, 1 answer, 57 views

ColdFusion Oracle Sql Injection Example [closed]

Assuming ColdFusion 10,0,13,287689 and Oracle Database 11g Enterprise Edition Release 11.2.0.2.0 - 64bit Production. With this example... ...

1 vote, 1 answer, 102 views

How safe is my MySQL query?

I am using PDO for the first time in my project. In my previous project someone suggested I use PDO as my queries were wide open to injection. I am pasting some sample code from my project. Can you ...

10 votes, 4 answers, 702 views

Is this function vulnerable to SQL injection?

I've this function to list products from database by category. I'm using prepared statements but wouldn't this make it pretty pointless to use them? ...

7 votes, 2 answers, 276 views

Creating ADODB Parameters on the fly

I have put together a small wrapper class to simplify creating parameterized ADODB queries with VB6/VBA. At this point I'm keeping things simple, so it's only supporting input parameters and from what ...

3 votes, 1 answer, 67 views

Making VBA generated dynamic SQL statements safe against injection

I need to use SQL extensively in VBA macros that I write. Since the DB is from our enterprise application, I use vendor's library for this. I generate dynamic queries, sometimes with many ...

4 votes, 1 answer, 354 views

Using POST data to call a function from a specified class

I've inherited a class in a project which is purposed to execute a function that exists in POST data from a specified class. I've tried to clean this up as much as possible as well as secure it ...