sql-injection

MySQL injection protection and vulnerability signs using PHP

喜欢而已 submitted on 2019-11-27 01:30:29
Question: What are the best ways to protect from MySQL injection? What are weaknesses I should look out for? I know what it is, but I really have no idea how vulnerable I might be, though I have taken (what I think to be) steps toward protecting myself and my database. Is there any sure-fire way of stopping someone? BTW... I write in PHP :) Answer 1: Use prepared statements instead of mixing the statement and the actual payload data. See http://dev.mysql.com/tech-resources/articles/4.1/prepared-statements

Using Magento Methods to write Insert Queries with care for SQL Injection

谁说胖子不能爱 submitted on 2019-11-27 00:36:27
Question: I am using Magento's functionality to run insert and update queries. My requirement is that I want to take care of SQL injection when doing these types of queries, but I'm unable to find how Magento does this. I'm providing one starting sample; please provide me with one complete example. <?php $write = Mage::getSingleton("core/resource")->getConnection("core_write"); $sql = "INSERT INTO Mage_Example (Name, Email, Company, Description, Status, Date) VALUES ('$name', '$email', '$company', '$desc',

Penetration testing tools [closed]

醉酒当歌 submitted on 2019-11-26 23:48:04
Question: We have hundreds of websites which were developed in ASP, .NET and Java, and we are paying a lot of money for an external agency to do a

ColdFusion Query - Injection Protection

我与影子孤独终老i submitted on 2019-11-26 23:39:36
Question: I ask this question with a bit of sheepishness because I should know the answer. Could someone be kind and explain if and how injection could occur in the following code? <cfquery> select * from tableName where fieldName = '#value#' </cfquery> I'm specifically curious about injection attempts and other malicious input, not about best practices or input validation for handling "normal" user input. I see folks strongly advocating the use of CFQueryParam, but I don't think I see the point. If user

MySQL Prepared Statements

帅比萌擦擦* submitted on 2019-11-26 23:13:17
I was just wondering if there was a way I could use some form of prepared statements in MySQL so I wouldn't have to escape all my inputs and I wouldn't have to switch all of my files from MySQL to MySQLi. I really don't trust the escaping functions, so if there are any alternatives that work in regular MySQL, it would be great. Mattis: Use PDO (PHP Data Objects) to connect to your MySQL database. This method will make sure that all database input will always be treated as text strings and you will never have to do any manual escaping. This, combined with proper use of html_entities() to display

Is SQL injection a risk today?

岁酱吖の submitted on 2019-11-26 22:55:59
Question: I've been reading about SQL injection attacks and how to avoid them, although I can never seem to make the "awful" examples given work, e.g. see this post. I created a PHP file and a table in the database, had a value passed through $_GET and tried to delete the table by doing bob'); drop table students; -- and it didn't work. PHP automatically escapes the \' and the query has an error, no harm done. Same issue when trying to replicate login "attacks" like AND WHERE 1=1 etc. Example code: <

What is the PDO equivalent of function mysql_real_escape_string?

痞子三分冷 submitted on 2019-11-26 22:12:53
I am modifying my code from using mysql_* to PDO. In my code I had mysql_real_escape_string(). What is the equivalent of this in PDO? Well, no, there is none! Technically there is PDO::quote(), but it is rarely ever used and is not the equivalent of mysql_real_escape_string(). That's right! If you are already using PDO the proper way, as documented, using prepared statements, then it will protect you from MySQL injection. # Example: Below is an example of a safe database query using prepared statements (PDO) try { // first connect to database with the PDO object. $db = new \PDO("mysql:host

Python SQLite3 SQL Injection Vulnerable Code

帅比萌擦擦* submitted on 2019-11-26 21:59:21
Question: I know that the code snippets below are vulnerable to SQL injection because of the .format, but I do not know why. Does anyone understand why this code is vulnerable and where I would start to fix it? I am aware that these code snippets leave the input fields open to execute other malicious commands via SQL injection but don't know why. cursor.execute("insert into user(username, password)" " values('{0}', '{1}')".format(username, password)) handle[0].execute("insert into auditlog(userid, event
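The following is an added, self-contained example (not code from any of the threads above) showing why the .format pattern in this question is injectable and what the prepared-statement advice from the earlier MySQL and PDO threads on this page looks like in practice. It uses Python's standard sqlite3 module with an in-memory database and a constructed user table; the table layout, the sample row and the payloads are assumptions made for the demonstration. With .format the input text becomes part of the SQL grammar, so a quote in the input closes the literal and the rest is parsed as SQL; with ? placeholders the driver binds the value as data and the statement's structure cannot change.

```python
import sqlite3


def make_db():
    # Constructed sample schema and row for the demo (not from the original post).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user(username TEXT, password TEXT)")
    conn.execute("INSERT INTO user VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Same pattern as the question: the input is spliced into the SQL text, so a
    # quote in `username` terminates the literal and `--` comments out the rest.
    sql = ("select count(*) from user where username='{0}' and password='{1}'"
           .format(username, password))
    return conn.execute(sql).fetchone()[0] > 0


def login_safe(conn, username, password):
    # Parameterized statement: '?' placeholders are bound by the driver as values,
    # so the whole input is compared as a string and never parsed as SQL.
    sql = "select count(*) from user where username=? and password=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0


def register_vulnerable(conn, username, password):
    # The insert from the question. A payload can close the VALUES tuple and add
    # rows of its own; sqlite3.execute() refuses stacked statements, but a single
    # multi-row INSERT is still one statement.
    sql = ("insert into user(username, password) values('{0}', '{1}')"
           .format(username, password))
    conn.execute(sql)
    conn.commit()


def register_safe(conn, username, password):
    # Bound parameters: the payload is stored verbatim as one username.
    conn.execute("insert into user(username, password) values(?, ?)",
                 (username, password))
    conn.commit()


def usernames(conn):
    return [row[0] for row in conn.execute("select username from user order by rowid")]


if __name__ == "__main__":
    db = make_db()
    # Authentication bypass: the password is never checked in the vulnerable form.
    print("vulnerable login:", login_vulnerable(db, "alice' --", "wrong"))   # True
    print("safe login:      ", login_safe(db, "alice' --", "wrong"))         # False

    # Extra row smuggled through the insert in the vulnerable form only.
    payload = "x', 'pw'), ('admin', 'pwned') --"
    register_vulnerable(db, payload, "irrelevant")
    print("after vulnerable insert:", usernames(db))   # ['alice', 'x', 'admin']
    db2 = make_db()
    register_safe(db2, payload, "irrelevant")
    print("after safe insert:", usernames(db2))        # ['alice', payload]
```

The fix for the original snippets is the same substitution: keep the SQL text constant, replace each '{n}' (including the quotes around it) with a ? placeholder, and pass the values as the second argument to execute().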

Successful SQL Injection despite PHP Magic Quotes

我怕爱的太早我们不能终老 submitted on 2019-11-26 20:56:58
Question: I have always read that Magic Quotes do not stop SQL injections at all, but I am not able to understand why not! As an example, let's say we have the following query: SELECT * FROM tablename WHERE email='$x'; Now, if the user input makes $x = ' OR 1=1 --, the query would be: SELECT * FROM tablename WHERE email='\' OR 1=1 --'; The backslash will be added by Magic Quotes with no damage done whatsoever! Is there a way that I am not seeing where the user can bypass the Magic Quote insertions here?

Are dynamic mysql queries with sql escaping just as secure as prepared statements?

浪子不回头ぞ submitted on 2019-11-26 20:47:52
I have an application which would greatly benefit from using dynamic MySQL queries in combination with the mysql (mysqli) real escape string. If I ran all data received from the user through mysql real escape, would it be just as secure as using MySQL prepared statements? Your Common Sense: Definitely NO. While the question in the title is ambiguous and can be interpreted as "Are dynamic mysql queries with every one of their parts properly formatted ..." and thus have a positive answer, the question in the body is not: If I ran all data received from the user through mysql real escape would it be just as secure
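An added example, not part of this thread or the Magic Quotes and "Is SQL injection a risk today?" threads above, that shows the gap between quote escaping and prepared statements those three questions circle around. It uses Python's stdlib sqlite3 with a constructed table (the column names and rows are assumptions for the demo). Escaping a quote does keep a payload inside a quoted string literal, which is why the ' OR 1=1 -- attempt in the Magic Quotes question fails; but the same escaping does nothing when the value lands in an unquoted numeric context such as WHERE id=$x, because a payload like 2 OR 1=1 contains nothing to escape. A bound parameter is safe in both positions because it is never parsed as SQL. Note the escaping routine is dialect-specific: SQLite doubles the single quote, whereas magic quotes and mysql_real_escape_string emit a backslash that SQLite would treat as an ordinary character, which is another reason the escaping has to come from the driver you actually use.

```python
import sqlite3


def make_db():
    # Constructed sample data for the demo (not from any post above).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE tablename(id INTEGER PRIMARY KEY, email TEXT, role TEXT)")
    conn.executemany("INSERT INTO tablename(email, role) VALUES (?, ?)",
                     [("admin@example.com", "admin"), ("bob@example.com", "user")])
    conn.commit()
    return conn


def escape_literal(value):
    # String-literal escaping for SQLite: a single quote is doubled. This plays
    # the role magic quotes / mysql_real_escape_string() play for MySQL; their
    # backslash form (\') is not understood by SQLite, so the escaper must match
    # the database dialect in use.
    return str(value).replace("'", "''")


def find_by_email_escaped(conn, x):
    # Quoted string context: the escaped quote keeps the payload inside the
    # literal, so "' OR 1=1 --" is just a string that matches no row.
    sql = "SELECT email FROM tablename WHERE email='%s' ORDER BY id" % escape_literal(x)
    return [row[0] for row in conn.execute(sql)]


def find_by_id_escaped(conn, x):
    # Numeric context, no quotes around the value: escaping does nothing because
    # the payload "2 OR 1=1" contains no quote, and it becomes SQL syntax.
    sql = "SELECT email FROM tablename WHERE id=%s ORDER BY id" % escape_literal(x)
    return [row[0] for row in conn.execute(sql)]


def find_by_id_param(conn, x):
    # Bound parameter: the value is compared as data. A non-numeric string never
    # equals an integer id, so the same payload returns nothing.
    sql = "SELECT email FROM tablename WHERE id=? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (x,))]


if __name__ == "__main__":
    db = make_db()
    print(find_by_email_escaped(db, "' OR 1=1 --"))   # [] : escaping held in quoted context
    print(find_by_id_escaped(db, "2 OR 1=1"))         # both rows: escaping irrelevant here
    print(find_by_id_param(db, "2 OR 1=1"))           # []
    print(find_by_id_param(db, 2))                    # ['bob@example.com']
```

The practical takeaway for the question in this thread: escaping is only equivalent to a prepared statement when every dynamic value is a correctly quoted string literal in the target dialect; identifiers, numbers, LIMIT values and ORDER BY clauses are not covered by it, while a bound parameter is correct in every value position without the developer having to remember which kind it is.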
I have an application which would greatly benefit by using dynamic mysql queries in combination with mysql (mysqli) real escape string. If I ran all data received from the user through mysql real escape would it be just as secure as using mysql prepared statements? Your Common Sense Definitely NO. While question in the title is ambiguous and can be interpreted as "Are dynamic mysql queries with every it's part properly formatted ..." and thus have a positive answer, the question in the body is not : If I ran all data received from the user through mysql real escape would it be just as secure