sql-injection

问题 Coming from a jsp and servlet background I am interested to know how django copes with SQL injection hacks. As a servlet and jsp developer I would use prepared statements which gives me some form of protection. How does django cope with custom queries, for example a custom search field. 回答1: If you use querysets, django will escape your variables automatically. If you use RAW queries or things like the .extra method you'll have to take extra care and for example use parameter binding. More

问题 I need to know the process of the SQL injection attack on registration form made by ASP or ASP.Net? 回答1: here is a simple example: screen input: enter your name: Bill'); delete from users -- build query insert into users (name) values ('''+@Name+''')' actual query: insert into users (name) values ('Bill'); delete from users --') what happens: all your users get deleted FYI, not sure of the database you're using, but @Name is a variable, and "--" is a comment 回答2: See How to avoid SQL

问题 I am using asp.net mvc 3 with WCF with EF 4.1 With Sql Azure. I am building the search engine for my application. and using the dynamic Linq to build queries. I want to avoid the sql injetion in this scenario. what is the best practice for the same ? what are the precaoution i should take in this scenario ? 回答1: As long as your are building your queries through LINQ, then you are not vulnerable to SQL injection. While this doesn't mean that your code is invulnerable to ALL sorts of attacks

问题 Is there a static analysis tool for identifying sql injection for php/mysql. A tool which run on a php script would analyze the sql statements and find if there are any possible sql injection possibilities for the sql statements. 回答1: Not sure if a tool like that exists for PHP Script, but the security compass tools are great for a first analysis : http://labs.securitycompass.com/index.php/exploit-me/ 回答2: What I found is rather disappointing. RATS (branded as Fortify) has some PHP suport,

问题 I know there have been a lot of questions asked already about this topic. And I also know that the way to go are prepared statements. However I have still not completely understood if or how the following could become a security problem: $mysqli = new mysqli("localhost", "root", "", "myDatabase"); $mysqli->set_charset("utf8"); $pw = mysqli_real_escape_string($mysqli,$_POST['pw']); $username = mysqli_real_escape_string($mysqli,$_POST['username']); $str = "SELECT * FROM users WHERE id='".$id."'

问题 This question already has answers here : Closed 8 years ago . Possible Duplicate: PHP: the ultimate clean/secure function I found this code snippet here: http://snipplr.com/view/12853/clean-variables-from-sql-injections/ The author claims: This little function helps to fight common security issue with SQL injections, it can sanitize any global variable like $POST, $GET, $_SERVER etc and escape unsafe characters. Is this code safe? function _clean($str){ return is_array($str) ? array_map('

问题 is it safe to use cast (int) instead of escaping? class opinion { function loadbyopinionid($opinionid){ $opinionid=(int)$opinionid; mysql_query("select * from fe_opinion where opinionid=$opinionid"); //more code } } 回答1: mysql_real_scape_string is for STRINGS . it will not make an integer 'safe' for use. e.g. $safe = mysql_real_escape_string($_GET['page']); will do NOTHING where $_GET['page'] = "0 = 0"; because there's no SQL metacharacters in there. your query would end up something like

问题 Can I avoid all SQL-injection attacks by using parameters? And don't worry about any thing in SQL injection in this case? Or are there some types of these attacks which require more care on the part of the programmer? 回答1: No, you can't avoid all SQL injection attacks by using parameters. Dynamic SQL is the real issue, and this can occur in stored procedures as well as in your application code. E.g., this is prone to a SQL injection attack: your parameterized query passes a username to a

问题 Is there any way to confirm that a particular breach of security was done through SQL injection? 回答1: There is no easy way here , but if you have the enabled the SQL server you use to log every single sql statement, here is what I would do. Normally, when I SQL inject somewhere, i use one of these as my always true statement for passing throgh the Where clause, after ending the former string. 1=1 0=0 both being used as : blahblahblah' or 1=1 -- You would not use this clauses in everyday code.

问题 I want to allow users to query a database with some fairly flexible criteria. I could just use the following: String slqCmdTxt = "SELECT * FROM TheTable WHERE " + userExpression; However, I know this is wide open to SQL injection. Using parameters is good, but I don't see a way to allow very flexible queries. How can I allow flexible database queries without opening myself up to SQL injection? More Details: There are really two tables, a master and a secondary with attributes. One master