SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution.
7
votes
2answers
654 views
Preventing SQL injection by converting all characters to their ASCII values
Scenario
In order to prevent SQL injection, I'm converting every character of a string to be inserted in the database into its ASCII value before performing the query; in order to read the value of ...
4
votes
1answer
339 views
Prepared Statements / MySQLi / PHP Registration/Login Form
I'm just looking for some feedback here. I'm fairly new to MySQLi & PHP, but I've been working at it for a bit now, and reading up on how to make secure login forms, avoid SQL injection etc. I'm a ...
2
votes
1answer
111 views
Securing a form with image uploads
I am using PDO prepared statements to store user entered input and store that input to the database. The code will store a text input and 5 uploaded images.
Will this code protect from data SQL ...
-1
votes
1answer
39 views
SQL - Dynamic, avoiding SQL Injection [closed]
Aim: Dynamic SQL based on user input
Use: User search boxes to get a result
Query/Review Question: Does the below leave the code exposed to SQL Injection attacks?
...
4
votes
2answers
1k views
Possible SQL injection vulnerability searching for a product by ID?
I want to be sure that this isn't vulnerable to SQL injection. If yes, then how can it be improved?
...
1
vote
2answers
56 views
Inserting e-mail subscribers into MySQL
I'm new to Python and I am learning database connections from here.
This is the code I am using to insert e-mail subscribers into a table:
...
2
votes
1answer
71 views
Calling a MySQL procedure with an arbitrary parameter on a GoDaddy website
I'm deploying a PHP project, and I always try to use prepared statements, but unfortunately, GoDaddy does not have the mod mysqlnd which I use it for the function ...
5
votes
1answer
113 views
Is this query really vulnerable?
Is the following query is vulnerable in terms of $itemstatus? I want to be sure about it. $yesorno is a user input which is ...
6
votes
2answers
512 views
Converting multiple query to use parameters to avoid SQL injection
I have some dropdownlist in my aspx page and I am using the choices from them in my SQL query:
...
0
votes
2answers
88 views
1
vote
2answers
90 views
Does this code avoid SQL injection?
I have the following PHP code but I'm unsure, based on the many things I've read, whether or not this is actually safe from an SQL injection attack.
...
6
votes
1answer
85 views
Secure way to store passwords
Here I'm trying to develop a simple framework for my own purpose. I'm using PHP and PDO. But, I'm still worried about my password security codes. Below I have posted my codes. it stored like these in ...
8
votes
4answers
1k views
Inserting 1 line into my SQL database
This is for adding code into my table really easily, however it will be called 2000+ times per second, so I need to know if this is the most efficient code to add a row to the database.
...
5
votes
3answers
237 views
Regex to validate font names
/((([\w -]+)|("[\w -]+"))( *, *)?)+/
http://refiddle.com/18ql
I'm trying to use a PHP regex to sanitize a user input for a list of fonts. The above one seems to ...
10
votes
2answers
613 views
SQL injection safety check
I was wondering if my code is safe for sql injection.
This code just checks if the username exists in my db or not.
...
7
votes
2answers
1k views
Protect database from SQL Injection and similar attacks - PHP
I am doubtful about the security of my PHP code. I am new to programming, but want to learn how to secure things, protect my databases from SQL injection, and other best practices. I'd like to know if ...
3
votes
2answers
252 views
POST security with PDO?
So I have some code that works as PDO. But is it secure? I'm trying to prevent SQL injection. This is my first PDO script and was hoping to see if it was done correctly. Here it is.
...
4
votes
2answers
163 views
Injections and query
I made a class that connects to my DB and inserts some values. Is it secure or how can I protect this further from injections? The object declaration will come from variables with POST from a form, ...
2
votes
2answers
133 views
SQL Injection when not using variables
Do I still need to protect my code against SQL injection when I'm not using variables in SQL queries?
Is this code still vulnerable?:
...
1
vote
2answers
69 views
Where to protect DB data against XSS injections?
To protect my web site against XSS injection, I am using OWASP Encoding Project.
Is it a good idea to protect all data retrieved in my DB to avoid XSS by going throuh all the data just returned by ...
7
votes
2answers
129 views
How is my injection protection?
What do I need to do to prevent injections? In addition, if I have any statement/parameter errors, please tell me.
...
1
vote
1answer
162 views
How safe is my MySQL query?
I am using PDO for the first time in my project. In my previous project someone suggested me to use PDO as my queries were wide open to inject. I am pasting a sample code of my project. Can you ...
10
votes
4answers
756 views
Is this function vulnerable to SQL injection?
I've this function to list products from database by category. I'm using prepared statements but wouldn't this make it pretty pointless to use them?
...
10
votes
3answers
2k views
Creating ADODB Parameters on the fly
I have put together a small wrapper class to simplify creating parameterized ADODB queries with VB6/VBA. At this point I'm keeping things simple, so it's only supporting input parameters and from what ...
3
votes
1answer
293 views
Making VBA generated dynamic SQL statements safe against injection
I need to use SQL extensively in VBA macros that I write. Since the DB is from our enterprise application, I use vendor's library for this.
I generate dynamic queries, sometimes with many ...
4
votes
1answer
899 views
Using POST data to call a function from a specified class
I've inherited a class in a project which is purposed to execute a function that exists in POST data from a specified class. I've tried to clean this up as much as possible as well as secure it ...
4
votes
4answers
276 views
Adding entries to an MS Access file using OleDB
In the following piece of code I am adding entries to an MS Access file using OleDB. The purpose of this post is to point out my bad programming practices and if I have created any security flaws ...
5
votes
6answers
1k views
Using OLEDB to connect to a MS Access 2007 file
I am working on a program which use OLEDB to connect to a MS Access 2007 file. My program has a possibility to add and delete records from file by using SQL statements which select deleted item by ID.
...
