Top "Sql-injection" questions

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

how to escape a string before insert or update in Ruby

In ruby ActiveRecord doesn't provide dynamic binding for update and insert sqls, of course i can use raw sql, but …

ruby activerecord sql-injection mysql-real-escape-string
Does this code prevent SQL injection?

Background I've been contracted to analyze an existing Data Provider and I know the following code is faulty; but in …

.net sql sql-server vb.net sql-injection
Prevention against SQL Injection in Hibernate

I have used hibernate to interact with my database, now I wanted to make my database layer secure against SQL …

hibernate hql sql-injection parameterized
Can JSF standard validation prevent code injection?

In my project, I do duplicate validation at the presentation layer as well as the persistence layer with the hope …

java security jsf sql-injection code-injection
Does Hibernate Criteria Api completely protect from SQL Injection

I am working with Hibernate to protect my website from SQL Injection. I heard that Hibernate Criteria API is more …

java hibernate sql-injection criteria-api hibernate-criteria
Sqlmap parameter "might not be injectable"

Im starting with sqlmap and I have the following doubt: When I try to use sqlmap (trying to bypass waf) …

sql-injection sqlmap
Effectiveness of stripslashes against SQL Injection?

Possible Duplicate: Best way to defend against mysql injection and cross site scripting How to include a PHP variable inside …

php sql database sql-injection stripslashes
IP address SQL injection

Is it possible for a user to forge the result that is returned from $_SERVER['REMOTE_ADDR'] in PHP so …

ip-address sql-injection
Escaping user input from database necessary?

So I know about MySQL injection and always escape all my user input before putting it in my database. However …

php mysql escaping sql-injection user-input