sql-injection

How can I protect Amazon SimpleDB from SQL Injection?

ぃ、小莉子 提交于 2019-12-08 15:40:54
问题 Under the principle of "if it walks like a duck and it sounds like a duck," it sure seems like the SQL-flavored queries that Amazon's SimpleDB supports should be susceptible to SQL injection-type attacks. Here's a simple example that assumes the attacker's input is going into the variable $category, and that he can guess a column name: $category = "Clothes' OR Category LIKE '%"; $results = $sdb->select("SELECT * FROM `{$domain}` WHERE Category = '$category'"); If you're playing the home game,

How can I prevent SQL injection in PHP?

China☆狼群 提交于 2019-12-08 09:46:00
问题 This post is a Community Wiki . Edit existing answers to improve this post. It is not currently accepting new answers. If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example: $unsafe_variable = $_POST['user_input']; mysql_query("INSERT INTO `table` (`column`) VALUES ('$unsafe_variable')"); That's because the user can input something like value'); DROP TABLE table;-- , and the query becomes:

Using prepared statement for Order by to prevent SQL injection java

跟風遠走 提交于 2019-12-08 07:39:15
问题 I have a query with where conditions , order by and limit. I am using prepared statements to set the where conditions and limit. Currently i am using string append for order by which causing SQL injection vulnerability. I cannot use set string to order by like this order by ? ? SQL Order functionality not working if i do like this. Example query: SELECT siteid, technology, address, state, status FROM archive LEFT OUTER JOIN mappings ON siteid = child_site_id order by siteid asc limit ? offset

Is this query injection proof?

浪子不回头ぞ 提交于 2019-12-08 07:04:24
问题 I am using PDO to talk to my database, and I wonder if casting a type like this $dbh->query("SELECT * FROM recipes WHERE id=".(int)$id); is sufficient to prevent sql injection? In this case $id is always an integer. I also wonder what would be a good way to prevent an injection in this kind of statement if the variable was a string. 回答1: Yes. Casting to int prevents all the nasty SQL injection possibilities. If the variable were a string, you should use prepared statements to pass it. $sql =

Improper Neutralization of Special Elements used in an SQL Command

ⅰ亾dé卋堺 提交于 2019-12-08 05:57:38
问题 My App data managed by the Content Provider using CursorLoaders is in SQLite database. According to Veracode Static Scan report , it is prone to SQL Injections. But according to docs, To avoid this problem, use a selection clause that uses ? as a replaceable parameter and a separate array of selection arguments. When you do this, the user input is bound directly to the query rather than being interpreted as part of an SQL statement. Because it's not treated as SQL, the user input can't inject

SQL Injection pattern in store search

北城以北 提交于 2019-12-08 04:14:21
问题 Since early morning today, we are getting following search queries in our ecommerce store. I understand its SQL injection. We are also using parameterized query. So it didnt do any harm. but because to the length of the query full text search took time to process and ended up timeout and website hanged for a while. Immediately, i have restricted maximum charterers for search to 75 and added logic to detect sql injection and prevent it to reach sql server as additional safety. Our enviorment:

how to inject sql in login process

为君一笑 提交于 2019-12-08 03:32:55
问题 I've received an old application which completely lacks user input sanitization and is vulnerable to sql injection. To prove gravity of the situation i need to give client an example and what can be better to scare him than the login process. I've tried standard techniques but the problem with them is that they return multiple rows and due to nature of the code it returns an error instead of logging him in. What sql should i inject so that only a single row is returned and the execution

duplicate-key error in mysql triggered by count(*) on group by

徘徊边缘 提交于 2019-12-08 03:05:26
hi every one i was reading a sans book about blind sql injection the author of the book mention that if you want to trigger an error in mysql use this query and inject it in the target 1 and (select 1 from (select count(*),concat(/*your malicious query here*/,floor(rand(0)*2)x from users group by x) a) and he says (author) that count(*) on a group by "floor(rand(0)*2)" causes a duplicate key in internal table and display the key My questions: first why he put the x there ? second what is duplicate key in internal table error and what query causes it other then this one and how count(*) on a

Erlang Mysql: How to prevent SQL Injections

我只是一个虾纸丫 提交于 2019-12-07 18:55:13
问题 I'm very new to erlang and I need to code something which inserts rows in a MySQL Database. How can I prevent SQL Injections with Erlang? Is there also something like prepared statements in other Languages or how should I do it? Thanks for your replies. 回答1: This answer depends on the driver you are using. Erlang ODBC has a function param_query that binds a set of parameters to the query and it might also escape all the SQL special characters. erlang-mysql-driver has prepared statements: %%

Preventing SQL injection in PHP with MDB2

狂风中的少年 提交于 2019-12-07 16:18:21
问题 I'm trying to figure out how to prevent sqlinjection, I wrote this basic function : function antiInjectie($inputfromform){ $temp = str_replace("'", "`",$inputfromform); $temp = str_replace("--", "~~",$temp); return htmlentitites($temp); } However someone told me to also take hex values in consideration, but how do I do this? Update I'm stuck with MDB2 and pgsql 回答1: Bobby-Tables has a good guide to preventing SQL injection. In short: Don't twiddle with the input yourself, use database API
订阅 sql-injection