Top "Sql-injection" questions

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Can parameterized statement stop all SQL injection?

If yes, why are there still so many successful SQL injections? Just because some developers are too dumb to use …

sql sql-injection code-injection exploit
Passing table name as a parameter in psycopg2

I have the following code, using pscyopg2: sql = 'select %s from %s where utctime > %s and utctime < %s …

python sql postgresql sql-injection psycopg2
Does the preparedStatement avoid SQL injection?

I have read and tried to inject vulnerable sql queries to my application. It is not safe enough. I am …

java jdbc prepared-statement sql-injection
How does SQL-injection work and how do I protect against it

Possible Duplicate: What is SQL injection? I see a lot of php code floating around on stackoverflow and (too) little …

php mysql sql-injection protection
Are Parameters really enough to prevent Sql injections?

I've been preaching both to my colleagues and here on SO about the goodness of using parameters in SQL queries, …

asp.net sql database sql-injection
Does Spring JDBC provide any protection from SQL injection attacks?

Spring's JdbcTemplate abstraction provides a lot of functionality, but can it be used in such a way that provides protection …

spring sql-injection jdbctemplate
How can I automatically test my site for SQL injection attacks, using either a script or program?

I've searched and found a good discussion here on SO, but it is several years old. What programs are there, …

php sql sql-injection
How can I avoid SQL injection attacks in my ASP.NET application?

I need to avoid being vulnerable to SQL injection in my ASP.NET application. How might I accomplish this?

.net asp.net sql security sql-injection
Avoiding SQL injection without parameters

We are having another discussion here at work about using parametrized sql queries in our code. We have two sides …

c# asp.net sql-server sql-injection
How can I prevent SQL injection in PYTHON-DJANGO?

If a lamer input is inserted into an SQL query directly, the application becomes vulnerable to SQL injection, like in …

python sql django security sql-injection