Top "Sql-injection" questions

SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

Valid Email Addresses - XSS and SQL Injection

Since there are so many valid characters for email addresses, are there any valid email addresses that can in themselves …

php xss sql-injection email-validation
how safe are PDO prepared statements

Started using PDO prepared statements not too long ago, and, as i understand, it does all the escaping/security for …

php mysql security pdo sql-injection
How to prevent sql-injection in nodejs and sequelize?

I want to write custom queries using Sequelize, and as far as possible avoid potential issues with SQL Injection. My …

mysql node.js express sql-injection sequelize.js
Why is using a mysql prepared statement more secure than using the common escape functions?

There's a comment in another question that says the following: "When it comes to database queries, always try and use …

php mysql security sql-injection prepared-statement
Sqlmap post data

I was trying to run sqlmap with method POST but I got this error: [CRITICAL] no parameter(s) found for …

http sql-injection sqlmap
sqlmap is too slow

Here's an example. Just trying to list the databases: python sqlmap.py -u "http://somesite.com/?id=1" --dbs [15:20:32] [INFO] fetching …

sql sql-injection sqlmap
Does using parameterized SqlCommand make my program immune to SQL injection?

I'm aware that SQL injection is rather dangerous. Now in my C# code I compose parameterized queries with SqlCommand class: …

c# .net sql security sql-injection
Confusion between prepared statement and parameterized query in Python

As far as I understand, prepared statements are (mainly) a database feature that allows you to separate parameters from the …

python database prepared-statement sql-injection parameterized-query
Correct PHP method to store special chars in MySQL DB

Using PHP, what is the best way to store special characters (like the following) in a MSQUL database, to avoid …

php mysql sql-injection html-entities html-encode