sql-injection

TableAdapters SQL Injection

坚强是说给别人听的谎言 submitted on 2019-12-20 03:44:14
Question: Hi, I am using a dataset and in that dataset I have a table adapter. In my table adapters I have used stored procedures as queries. If I use the following lines to insert form data using my table adapter, is it safe against SQL injection? Thanks. UserDataSetTableAdapters.UserInformationTableAdapter myFactory = new TestProject.UserDataSetTableAdapters.UserInformationTableAdapter(); myFactory.spTest_InsertUserInformation(id, frmAddress); Answer 1: Without posting your stored-procedure code, there's

Mysqli query Injection , how to inject the SQL query string?

女生的网名这么多〃 submitted on 2019-12-20 02:01:01
Question: Let's consider I have this line of code: $result = $mysqli->query("SELECT * from myTable where field='".$_GET['var']."'"); IMHO this is vulnerable to SQL injection. So I'd like to prove it by trying to send via GET / URL a "var" param that will inject the query, with potentially malicious code. I actually tried this: var = "1'; TRUNCATE myTable; "; I tried to print out the SQL query string before executing it and it's actually 2 valid SQL statements. SELECT * from myTable where field='1';

Can malicious users modify viewstate?

北城以北 submitted on 2019-12-20 01:08:18
Question: If ViewStateMAC is enabled in an ASP.NET application, can a user modify what is in ViewState and successfully pass it back to the server? I have an application (that someone else wrote) that is using what is in ViewState to create a non-parameterized ORDER BY clause in a SQL query. Should I be worried about SQL injection? Answer 1: If ViewStateMAC is enabled the attacker would need to be able to crack the "machine key" in order to alter the ViewState, so it should be reasonably secure if this

When Should I Use PHP mysqli_real_escape_string() Function? [duplicate]

≯℡__Kan透↙ submitted on 2019-12-19 07:49:29
Question: This question already has answers here: How can I prevent SQL injection in PHP? (28 answers) Closed 3 years ago. I know that the mysqli_real_escape_string function can be used to prevent SQL injections. (However, mysql_real_escape_string() will not protect you against some injections.) My question is: when should I use the mysqli_real_escape_string() function? Situation 01: I have a registration form with 4 fields called First Name, Last Name, Email, Password. Should I use mysqli_real_escape_string()

batch preparedstatement with different sql queries

夙愿已清 submitted on 2019-12-19 07:28:43
Question: I found existing questions similar to this one that did not actually have a clear answer to the question. A normal batch PreparedStatement with one SQL query would look something like this: private static void batchInsertRecordsIntoTable() throws SQLException { Connection dbConnection = null; PreparedStatement preparedStatement = null; String insertTableSQL = "INSERT INTO DBUSER" + "(USER_ID, USERNAME, CREATED_BY, CREATED_DATE) VALUES" + "(?,?,?,?)"; try { dbConnection = getDBConnection();

classic ASP protection against SQL injection

烈酒焚心 submitted on 2019-12-19 04:06:13
Question: I've inherited a large amount of Classic ASP code that is currently missing SQL injection protection, and I'm working on it. I've examined in detail the solutions offered here: Classic ASP SQL Injection Protection. On the database side, I have a Microsoft SQL Server 2000 SP4. Unfortunately stored procedures are not an option. After studying PHP's mysql_real_escape_string ( http://www.w3schools.com/php/func_mysql_real_escape_string.asp ), I've replicated its functionality in ASP. My question(s)

Rails methods vulnerable to SQL injection?

北城以北 submitted on 2019-12-19 03:35:09
Question: What are the Rails methods that are vulnerable to SQL injection, and in what form? For example, I know that where with a string argument is vulnerable: Model.where("name = #{params[:name]}") # unsafe But a parameterized string or hash is not: Model.where("name = ?", params[:name]) # safe Model.where(name: params[:name]) # safe I'm mostly wondering about where, order, limit and joins, but would like to know about any other methods that might be attack vectors. Answer 1: In Rails, where, order,

Detect SQL Injection

大兔子大兔子 submitted on 2019-12-19 03:11:00
Question: I came to a company that already has a fully grown project... but the coders that worked here before me didn't follow conventions and didn't use parametrized SQL queries... as a result there are over 1000 places in a very huge project that can possibly be vulnerable to SQL injection... I need to find a solution that will automatically detect if there is an SQL injection in the code. So, for example, there is a form which allows a user to enter comments regarding a product, which will be sent to

How does sprintf() protect against SQL injection?

此生再无相见时 submitted on 2019-12-18 17:01:38
Question: I have heard that sprintf() protects against SQL injection. Is it true? If so, how? Why are people recommending writing the query like this: $sql = sprintf('SELECT * FROM TABLE WHERE COL1 = %s AND COL2 = %s',$col1,$col2); Answer 1: sprintf won't protect! It only replaces the %s; you must use mysql_real_escape_string, so: $sql = sprintf('SELECT * FROM TABLE WHERE COL1 = "%s" AND COL2 = "%s"', mysql_real_escape_string($col1), mysql_real_escape_string($col2)); is safer. Injection note: I suggest you take a look

Correct escaping of delimited identifiers in SQL Server without using QUOTENAME

不羁岁月 submitted on 2019-12-18 15:37:06
Question: Is there anything else that the code must do to sanitize identifiers (table, view, column) other than to wrap them in double quotation marks and "double up" double quotation marks present in the identifier name? References would be appreciated. I have inherited a code base that has a custom object-relational mapping (ORM) system. SQL cannot be written in the application, but the ORM must still eventually generate the SQL to send to the SQL Server. All identifiers are quoted with double