SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution.
2 votes, 3 answers, 131 views
Booking appointments with MySQLi and PHP
The following code books one appointment for one or more slots. I have never used a database before, but have seen so many warnings regarding SQL injections. Since it has never affected me I have not ...
2 votes, 1 answer, 70 views
Function for inserting data into database
I have this function to ease out the task of inserting data into databases.
I am not very sure if it is secure to use it this way.
Any suggestions on improving it?
...
10 votes, 4 answers, 5k views
Inserting robot moves into an SQLite3 database
I'm just wondering if you would consider this to be safe from SQL injection.
A peculiarity of my program is I need to dynamically access table names depending on my scenario.
This is not for ...
5 votes, 2 answers, 269 views
Inserting a record into MySQL with a timestamp
I'm starting with PHP so I can save data to a MySQL database. I read a lot and it seems that "escaping" strings is not so safe.
This is my code:
...
3 votes, 1 answer, 75 views
Is this query vulnerable? (MySQL injections)
I have been reading about SQL injection for many days now. I was wondering if the code I wrote is vulnerable in some of its parts.
...
1 vote, 2 answers, 72 views
Security concern for SQL Injections/XSS
This question is everywhere, and I looked at many answers. A lot suggest using mysql_real_escape_string but that isn't an option, since it's deprecated now.
...
2 votes, 2 answers, 58 views
PHP Dynamic QueryBuilder function - Security
This function is a working function, which builds a number of queries depending on the values of $_POST.
...
3 votes, 1 answer, 65 views
Possibility of SQL Injection
I am requesting a review of a portion of 600 lines of code. This portion of the code processes a filter that is farther down the page. It takes in the parameters and formats them into a query. Now I ...
1 vote, 1 answer, 77 views
Product inventory database
I just finished writing a program that works with a database. Throughout the process, when working with people to get past some of the hurdles I faced, I was ridiculed for my SQL statements. I have ...
3 votes, 1 answer, 67 views
Stored procedure to query custom data tables as dynamic SQL
There's a lot going on here, but the background for why this is necessary is that there is a set schema, or 'core' set of tables that are prefixed with 'bu', and any core table can have a custom table ...
8 votes, 3 answers, 1k views
Inserting OAuth data into a database
I am totally new to PHP. I just wrote a PHP script for Google OAuth to pull the data and insert it into my database. I don't know if my code is vulnerable to SQL injection. Should I have used prepared ...
-1 votes, 1 answer, 80 views
Improving PHP Security of Login
One of my GitHub issues is below. I am having some problems with my security. Is there anything that I should or need to improve? Here is an example of code that I use, but throughout the script there ...
-1 votes, 2 answers, 96 views
Validating users with MySQL
One of my friends told me that my validate.php file has some problems with SQL injections. Please feel free to commit it on GitHub.
...
4 votes, 2 answers, 195 views
Increase view counter with each page view
My question is similar to before, but now the code has changed completely. I would like to understand if this code is vulnerable to MySQL injection.
...
-2 votes, 2 answers, 63 views
Authentication check in index.php file
I am aware that this code is vulnerable to SQL injections, but I don't know how to avoid it.
...
6 votes, 1 answer, 162 views
mysql_safe_query()
I have been thinking of an SQL-injection-free implementation in dynamic languages. Here's what I came up with. All the code was written just for fun and learning purposes.
I would like to share it and ...
4 votes, 1 answer, 193 views
Validating user supplied input
I was assigned a task to fix the SQL injection flaw reported by a code analysis tool. I am not the original author of the code. I am fairly knowledgeable with SQL.
...
3 votes, 1 answer, 276 views
Secure login system
The assignment is to create a login system secured against SQL injections and XSS.
It's in PHP and I'm using PDO with prepared statements, obviously, which from my point of view should protect against the ...
2 votes, 3 answers, 2k views
A very secure procedural MySQLi login script against injections
I know there are other ways to create a login script like Object Oriented, Prepared Statements and PDO, but how about those old MySQL PHP users like me trying to change from old style to the new ways? ...
5 votes, 1 answer, 357 views
For a login portal, what security measures are needed to prevent unauthorized access?
I'm designing a login portal that has one AngularJS page that displays/processes data queried from a database. I'm relying on a few PHP pages (a loginpage.php [verifies credentials/loads session ...
1 vote, 1 answer, 57 views
Populate the database with new tweet data from the json_cache table
I'm really a newbie with code, and I wish to prepare all my statements to avoid SQL injection. I have searched a lot on the internet, but this wrapper/API doesn't look anything like the examples given....
7 votes, 2 answers, 844 views
Preventing SQL injection by converting all characters to their ASCII values
In order to prevent SQL injection, I'm converting every character of a string to be inserted in the database into its ASCII value before performing the query. In order to read the value of the string ...
6 votes, 2 answers, 7k views
PHP registration/login form
I'm fairly new to MySQLi and PHP, but I've been working at it for a bit now, and reading up on how to make secure login forms, avoid SQL injection etc. I'm a mere amateur though.
I've created an ...
2 votes, 1 answer, 286 views
Securing a form with image uploads
I am using PDO prepared statements to store user-entered input and store that input to the database. The code will store a text input and 5 uploaded images.
Will this code protect from data SQL ...
5 votes, 2 answers, 1k views
Possible SQL injection vulnerability searching for a product by ID?
I want to be sure that this isn't vulnerable to SQL injection. If yes, then how can it be improved?
...
1 vote, 2 answers, 152 views
Inserting e-mail subscribers into MySQL
I'm new to Python and I am learning database connections from here.
This is the code I am using to insert e-mail subscribers into a table:
...
3 votes, 1 answer, 137 views
Calling a MySQL procedure with an arbitrary parameter on a GoDaddy website
I'm deploying a PHP project, and I always try to use prepared statements, but unfortunately, GoDaddy does not have the mysqlnd module, which I use for the function ...
5 votes, 1 answer, 118 views
Is this query really vulnerable?
Is the following query vulnerable in terms of $itemstatus? I want to be sure about it. $yesorno is a user input which is ...
6 votes, 2 answers, 1k views
Converting multiple queries to use parameters to avoid SQL injection
I have some dropdown lists in my aspx page and I am using the choices from them in my SQL query:
...
-1 votes, 2 answers, 229 views
XSS vulnerability on website
I'm using these functions to filter all my input variables. I was quite confident it would protect my website from possible XSS and SQL injections, but there are still vulnerabilities.
Please suggest ...
0 votes, 2 answers, 133 views
Does this code avoid SQL injection? [closed]
I have the following PHP code but I'm unsure, based on the many things I've read, whether or not this is actually safe from an SQL injection attack.
...
6 votes, 1 answer, 101 views
Secure way to store passwords
Here I'm trying to develop a simple framework for my own purposes. I'm using PHP and PDO. But I'm still worried about my password security code. Below I have posted my code. It is stored like this in ...
8 votes, 4 answers, 1k views
Inserting 1 line into my SQL database
This is for adding code into my table really easily, however it will be called 2000+ times per second, so I need to know if this is the most efficient code to add a row to the database.
...
5 votes, 3 answers, 524 views
Regex to validate font names
/((([\w -]+)|("[\w -]+"))( *, *)?)+/
http://refiddle.com/18ql
I'm trying to use a PHP regex to sanitize a user input for a list of fonts. The above one seems to ...
10 votes, 2 answers, 717 views
SQL injection safety check
I was wondering if my code is safe from SQL injection.
This code just checks if the username exists in my db or not.
...
7 votes, 2 answers, 2k views
User registration and login
I am doubtful about the security of my PHP code. I am new to programming, but want to learn how to secure things, protect my databases from SQL injection, and other best practices. I'd like to know if ...
3 votes, 2 answers, 1k views
POST security with PDO?
So I have some code that works as PDO. But is it secure? I'm trying to prevent SQL injection. This is my first PDO script and was hoping to see if it was done correctly. Here it is.
...
4 votes, 2 answers, 170 views
Injections and query
I made a class that connects to my DB and inserts some values. Is it secure or how can I protect this further from injections? The object declaration will come from variables with POST from a form, ...
1 vote, 2 answers, 138 views
SQL Injection when not using variables
Do I still need to protect my code against SQL injection when I'm not using variables in SQL queries?
Is this code still vulnerable?
...
2 votes, 1 answer, 145 views
Displaying subcategories of subcategories
I wanted to know if this code is safe against SQL injection or not?
Also do I need to mysqli_close if I already did the ...
1 vote, 2 answers, 85 views
Where to protect DB data against XSS injections?
To protect my web site against XSS injection, I am using OWASP Encoding Project.
Is it a good idea to protect all data retrieved from my DB to avoid XSS by going through all the data just returned by ...
6 votes, 2 answers, 185 views
How is my injection protection?
What do I need to do to prevent injections? In addition, if I have any statement/parameter errors, please tell me.
...
1 vote, 1 answer, 330 views
How safe is my MySQL query?
I am using PDO for the first time in my project. In my previous project someone suggested that I use PDO, as my queries were wide open to injection. I am pasting a sample of code from my project. Can you ...
10 votes, 4 answers, 794 views
Listing products from a database
I have this function to list products from the database by category. I'm using prepared statements, but wouldn't this make it pretty pointless to use them?
...
17 votes, 4 answers, 7k views
Creating ADODB Parameters on the fly
I have put together a small wrapper class to simplify creating parameterized ADODB queries with VB6/VBA. At this point I'm keeping things simple, so it's only supporting input parameters and from what ...
5 votes, 1 answer, 1k views
Making VBA generated dynamic SQL statements safe against injection
I need to use SQL extensively in VBA macros that I write. Since the DB is from our enterprise application, I use the vendor's library for this.
I generate dynamic queries, sometimes with many ...
4 votes, 1 answer, 1k views
Using POST data to call a function from a specified class
I've inherited a class in a project which is purposed to execute a function that exists in POST data from a specified class. I've tried to clean this up as much as possible as well as secure it ...
3 votes, 4 answers, 230 views
SQL-injection mitigation script
I'd gladly appreciate it if you could review my code below and let me know if it is sufficiently secure.
My main website and these scripts will use the same database, so I need to make sure they are ...
-1 votes, 2 answers, 225 views
Search for a transaction
Could you have a quick look over my code to see if it's safe from SQL injection etc. and suggest any amendments?
...