sql-injection

How to prevent against XSS and SQL injection [duplicate]

≯℡__Kan透↙ posted on 2019-12-30 14:15:54
Question: This question already has answers here: How can I sanitize user input with PHP? (17 answers) Closed 6 years ago. I want to check my data from the user for XSS and SQL injection, and this is how I tried: if (isset($_GET['membernumber'])) { $mem = htmlentities($_GET['membernumber']); $memberparamter = cleanData($mem); } But which method is the best/correct way to check? Method 1 function cleanData($data) { $data=mysql_real_escape_string($data); $data=trim($data); $data=stripcslashes($data);

Angularjs : How to restrict user inputs which contain sql query keywords (for sql injection)

北战南征 posted on 2019-12-30 11:06:53
Question: I have a requirement in an AngularJS project, on the login and other forms, to restrict user inputs which contain specific keywords like "SELECT", "INSERT", "UPDATE", "DELETE", "DROP" etc. in input fields. This will help us prevent SQL injection attacks. Please let me know if we have any AngularJS library to accomplish this. Or how can this be achieved efficiently using AngularJS? Thanks. Answer 1: Blacklisting is NOT the answer in security. If you check for the word "select", the attacker will inject "sElEct"

mysql_escape_string whole post array?

杀马特。学长 韩版系。学妹 posted on 2019-12-30 04:21:06
Question: I was wondering, is it possible to just mysql_escape_string the whole $_POST and $_GET array so you don't miss any variables? Not sure how to test it or I would've myself. Thanks! Answer 1: I would use the array_walk() function. It's better suited because it modifies the POST superglobal so any future uses are sanitized. array_walk_recursive( $_POST, 'mysql_real_escape_string' ); However, make sure that you don't rely on this line to completely protect your database from attacks. The best protection

Avoiding SQL injection in a user-generated SQL-regex

十年热恋 posted on 2019-12-29 08:56:06
Question: I'm creating a site where the user unfortunately has to provide a regex to be used in a MySQL WHERE clause. And of course I have to validate the user input to prevent SQL injection. The site is made in PHP, and I use the following regex to check my regex: /^([^\\\\\']|\\\.)*$/ This is double-escaped because of PHP's way of handling regexes. The way it's supposed to work is to only match safe regexes, without unescaped single quotes. But being mostly self-taught, I'd like to know if this is a

How do I demonstrate a Second Order SQL Injection?

∥☆過路亽.° posted on 2019-12-28 18:23:17
Question: So I've been trying to replicate a second-order SQL injection. Here's an example template of two PHP-based sites that I've prepared. Let's just call it a voter registration form. A user can register and then you can check if you're a registered voter or not. insert.php <?php $db_selected = mysql_select_db('canada',$conn); if (!$db_selected) die("can't use mysql: ". mysql_error()); $sql_statement = "INSERT into canada (UserID,FirstName,LastName,Age,State,Town) values ('".mysql_real_escape

SQL injections with prepared statements?

痞子三分冷 posted on 2019-12-28 15:20:32
Question: If I remember correctly, I think Jeff mentioned in the Stack Overflow podcast a possible weakness in SQL prepared statements. I'm wondering what kind(s) of weakness(es) he referred to? Was it possibly just about inappropriate usage thereof, or something more sinister? The podcast, as I remember it, didn't go deeper into the subject; it was just a passing remark. Answer 1: I think what he said was that, when you use prepared statements, SQL Server could cache your query execution plan, so,

SQL injections with prepared statements?

安稳与你 posted on 2019-12-28 15:19:11
Question: If I remember correctly, I think Jeff mentioned in the Stack Overflow podcast a possible weakness in SQL prepared statements. I'm wondering what kind(s) of weakness(es) he referred to? Was it possibly just about inappropriate usage thereof, or something more sinister? The podcast, as I remember it, didn't go deeper into the subject; it was just a passing remark. Answer 1: I think what he said was that, when you use prepared statements, SQL Server could cache your query execution plan, so,

MariaDb SQL Injection

断了今生、忘了曾经 posted on 2019-12-28 06:26:13
Question: I am trying to exploit (legally) a MariaDB database with an SQLi vulnerability. I have identified the vulnerability here... /?o=1&page=app The o=* is vulnerable and produces the following error... DEBUG INFO: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '5' or dest like '1'') LIMIT 10' at line 1 I am using Burp Suite and have landed upon the following syntax which seems to be closer to the mark but is

How can I avoid SQL injection attacks in my ASP.NET application?

送分小仙女□ posted on 2019-12-27 14:54:10
Question: I need to avoid being vulnerable to SQL injection in my ASP.NET application. How might I accomplish this? Answer 1: Even though your question is very generic, a few rules always apply: Use parameterized queries (SqlCommand with SqlParameter) and put user input into parameters. Don't build SQL strings out of unchecked user input. Don't assume you can build a sanitizing routine that can check user input for every kind of malformedness. Edge cases are easily forgotten. Checking numeric input may be

How to prevent SQL injection with dynamic tablenames?

时光毁灭记忆、已成空白 posted on 2019-12-27 08:56:25
Question: I had this discussion with a high-reputation PHP guy: "PDO has no use here. as well as mysql_real_escape_string. extremely poor quality." This of course is cool, but I honestly don't know what's wrong with suggesting the use of mysql_real_escape_string or PDO to fix this code: <script type="text/javascript"> var layer; window.location.href = "example3.php?layer="+ layer; <?php //Make a MySQL connection $query = "SELECT Category, COUNT(BUSNAME) FROM ".$_GET['layer']." GROUP BY Category"; $result =