Questions tagged [sql-injection]

SQL injection is a security vulnerability that allows an attacker to execute arbitrary SQL statements against a database by supplying crafted input. It typically arises from dynamic SQL, that is, statements built in an application by concatenating strings with user input.

SQL injection vulnerabilities are a perennial member of the OWASP Top 10, which Randall Munroe of XKCD fame has forever memorialized in Little Bobby Tables.

XKCD comic #327 depicting a call from the school to a mom whose child compromised their IT system by changing his name to Robert'); DROP TABLE Students;--

15 questions
108
votes
7 answers

You're hired to fix a small bug for a security-intensive site. Looking at the code, it's filled with security holes. What do you do?

I've been hired by someone to do some small work on a site. It's a site for a large company. It contains very sensitive data, so security is very important. Upon analyzing the code, I've noticed it's filled with security holes - read, lots of PHP…
MaiaVictor
  • 5,860
60
votes
16 answers

Why did SQL injection prevention mechanism evolve into the direction of using parameterized queries?

The way I see it, SQL injection attacks can be prevented by: (1) carefully screening, filtering, and encoding input (before insertion into SQL); (2) using prepared statements / parameterized queries. I suppose that there are pros and cons for each, but why did…
Dennis
  • 8,267
15
votes
6 answers

Discovered large security hole in someone else's website... What to do?

A chap I'm bidding to do some development for has a social network he wrote himself. Not the next facebook by any stretch. But a few thousand local users. I went to have a look at it to see what level of knowledge he had so I knew how to position…
bencoder
  • 329
13
votes
3 answers

Is reliance on parametrized queries the only way to protect against SQL injection?

All I have seen on SQL injection attacks seems to suggest that parametrized queries, particularly ones in stored procedures, are the only way to protect against such attacks. While I was working (back in the Dark Ages) stored procedures were viewed…
7
votes
5 answers

Are SQL Injection vulnerabilities in a PHP application acceptable if mod_security is enabled?

I've been asked to audit a PHP application. No framework, no router, no model. Pure PHP. Few shared functions. HTML, CSS, and JS all mixed together. I've discovered numerous places where SQL injection would be easily possible. There are other…
5
votes
1 answer

Is there a database programming language with encapsulation to prevent the injections?

One of the things that annoys me about SQL is that it can't think in terms of objects, and its lack of encapsulation makes me constantly have to escape commands to prevent injections. I want a database language that can be polymorphic and secure. I have…
2
votes
1 answer

How to check for vulnerabilities in web application

I have developed a web application using Zend Framework, MySQL, and other client-side technologies like JavaScript, jQuery AJAX, Kendo grid, and so on. I have completed development and have done several rounds of testing to make sure the functional…
1
vote
2 answers

SQL injection attacks, how do I test and secure ColdFusion queries?

I'm running ColdFusion 8 and SQL Server 2008. I've been building several forms that insert data into the database from external users; we have a custom-built security module built by the guy whose job I've taken. 1) How can we test our HTML…
Snow_Mac
  • 349
1
vote
1 answer

Converting a large PHP codebase from mysql_ to PDO

At my workplace we're soon going to be tasked with removing SQL injection vulnerabilities from a large code base. The application was originally written around 8 years ago and after years of bolt-ons and additional features, security is finally…
1
vote
1 answer

Is this type of data insertion safe, and can it stop SQL injection in Python?

I am learning Database connection from MySQL Connector/Python Developer Guide. This is the code I am using to insert data: conn = mysql.connector.connect(user="user", password="password", host="127.0.0.1", database="db") cursor = conn.cursor() query…
CS GO
  • 111
1
vote
4 answers

Database Handler and SQL injection prevention

I've written a database model class in PHP and have written a controller class that specifically validates the data before sending it to db. I'm getting criticism that I should handle the data in database model class rather than controller class. I…
0
votes
2 answers

How to minimize the issues when SQL PreparedStatement is not an option

The application in question is integrating with BigImportantThing (BIT). Part of our application's job is to provide a better interface, so this is something to resolve within our application. The application is written in Java. We need to fetch…
0
votes
1 answer

Variable WHERE clause while avoiding sql injection

I want the user to be able to provide a custom WHERE statement against a mysql-backed platform... do I need to worry about any possible SQL injection attacks notwithstanding invalid sql? See the pseudo code below. return sqlExec("select a,b,c from…
0
votes
2 answers

Is my application vulnerable to SQL injection if I don't specify each type in Doctrine2?

I thought Doctrine 2 DBAL prepared statements were safe from SQLi. But I found this confusing bit in the docs: By default the Doctrine DBAL does no escaping. Escaping is a very tricky business to do automatically, therefore there is none by …
ChocoDeveloper
  • 393
-1
votes
3 answers

General SQL Question

Let's say a user goes to the login page of my website and creates an account. Instead of entering their real name, they decide to write some SQL code and try to gain access to my database. I have prepared statements to prevent any harmful code…
Cole
  • 1