Top "Sql-injection" questions

SQL injection is a code injection technique used to attack data-driven applications. It works when untrusted input is spliced into the text of an SQL statement, so that the database parses part of the input as SQL syntax rather than as data; the attacker can then alter the query's logic (e.g. to bypass a login check or dump the database contents to the attacker).
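The mechanism in the definition above, as an added example that is not part of the original page: a login check written by string concatenation beside the same check with bound parameters, run against a constructed in-memory SQLite table (the table, rows and payload are illustrative assumptions, not from any real system).

```python
import sqlite3

# Constructed sample table, not data from any real system.
SEED_ROWS = [("alice", "s3cret"), ("bob", "hunter2")]

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_ROWS)
    return conn

def login_vulnerable(conn, name, password):
    """String concatenation: the input is spliced into the statement text, so any
    quote in it ends the literal and the rest is parsed as SQL."""
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]

def login_parameterized(conn, name, password):
    """Bound parameters: the statement text is fixed, the driver ships the values
    separately, and a quote in the input is just a character in a string."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]

# Classic tautology payload. In the concatenated query it becomes
#   ... AND password = '' OR '1'='1'
# and, because AND binds tighter than OR, matches every row.
PAYLOAD = "' OR '1'='1"

def demo():
    conn = make_db()
    return {
        "vulnerable": login_vulnerable(conn, "nobody", PAYLOAD),
        "parameterized": login_parameterized(conn, "nobody", PAYLOAD),
        "legit": login_parameterized(conn, "alice", "s3cret"),
    }

if __name__ == "__main__":
    for label, result in demo().items():
        print("%-13s -> %r" % (label, result))
```

The vulnerable version returns every user for a password of `' OR '1'='1`; the parameterized version returns nothing for that input and still works for a real credential. The fix is not "escape better": it is to keep the statement text fixed and pass values out of band.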

When is it best to sanitize user input?

User equals untrustworthy. Never trust an untrustworthy user's input. I get that. However, I am wondering when the best time to …

xss sql-injection user-input sanitization
Rails SQL injection?

In Rails, when I want to find by a user-given value and avoid SQL injection (escape apostrophes and the …

ruby-on-rails security sql-injection
How do I sanitize SQL without using prepared statements

For some SQL statements I can't use a prepared statement, for instance: SELECT MAX(AGE) FROM ? For instance when I …

java sql jdbc sql-injection
Regex To Detect Basic SQL Injections, But Not As A Means to Prevent SQL Injections

Let me start off by saying that I am confident in the measures I have taken to make sure SQL …

ruby-on-rails regex sql-injection rackattack
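What a detection-only regex check looks like in practice, as an added example that is not from the question above or from rack-attack: a handful of patterns for textbook payloads run over constructed request-log lines (the log format, the lines and the pattern list are assumptions made for the example). The point is the one the question makes: this is a signal for throttling or alerting, not a defence, since payloads can be encoded or rephrased and parameterized queries remain the actual protection.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Ad hoc patterns for crude payloads (assumption: tuned for this example only).
# Note what is deliberately NOT here: a bare quote check, which would flag
# every O'Brien. Even so, expect false positives and negatives in real traffic.
PATTERNS = [
    re.compile(r"'\s*(or|and)\s+'?[^']*'?\s*=", re.IGNORECASE),      # ' OR '1'='1
    re.compile(r"(--|#|/\*)\s*$"),                                   # trailing SQL comment
    re.compile(r"\bunion\b\s+(all\s+)?\bselect\b", re.IGNORECASE),  # UNION SELECT
    re.compile(r";\s*(drop|delete|update|insert)\b", re.IGNORECASE),  # stacked query
]

# Constructed request-log lines ("METHOD path?query"), not real traffic.
SAMPLE_LOG = """\
GET /search?q=laptop
GET /search?q=%27%20OR%20%271%27%3D%271
GET /users?name=O%27Brien
GET /items?id=1%20UNION%20SELECT%20username%2Cpassword%20FROM%20users
GET /items?id=5%3B%20DROP%20TABLE%20items%3B--
GET /search?q=it%27s%20ordered
"""

def suspicious_values(line):
    """Decode the query string of one log line and return (key, value) pairs
    whose decoded value matches any pattern. Matching happens after URL
    decoding, otherwise %27 would hide the quote from every regex."""
    path = line.split()[1]
    hits = []
    for key, value in parse_qsl(urlsplit(path).query, keep_blank_values=True):
        if any(p.search(value) for p in PATTERNS):
            hits.append((key, value))
    return hits

def scan(log_text):
    """Return [(line_number, hits)] for every line with at least one hit."""
    flagged = []
    for number, line in enumerate(log_text.splitlines(), 1):
        hits = suspicious_values(line)
        if hits:
            flagged.append((number, hits))
    return flagged

if __name__ == "__main__":
    for number, hits in scan(SAMPLE_LOG):
        print("line %d: %s" % (number, hits))
```

Lines 2, 4 and 5 are flagged; the apostrophes in `O'Brien` and `it's ordered` are not. A pattern list like this belongs in a rate limiter or a log pipeline, never in the code path that decides whether a query runs.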
How to cleanse dynamic SQL in SQL Server -- prevent SQL injection

We have a ton of SQL Server stored procedures which rely on dynamic SQL. The parameters to the stored procedure …

sql-server validation stored-procedures sql-injection dynamic-sql
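The two questions above (MAX over a column name that cannot be a bound parameter, and stored procedures built from dynamic SQL) share one answer, shown here as an added example that is not from either question: identifiers cannot be parameterized, so they go through an allowlist and are quoted, while values still go through bound parameters. The table, rows and allowlists are constructed for the example; SQLite stands in for whichever database the questions use.

```python
import sqlite3

# Constructed sample table, not data from any real system.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE people (name TEXT, age INTEGER, salary INTEGER)")
    conn.executemany("INSERT INTO people VALUES (?, ?, ?)",
                     [("alice", 34, 90000), ("bob", 51, 72000), ("carol", 29, 65000)])
    return conn

# Allowlist (assumption for this example): the only identifiers that dynamic SQL
# may ever name. The check is exact membership, not a regex.
ALLOWED_TABLES = {"people"}
ALLOWED_COLUMNS = {"age", "salary"}

def max_of_bound_identifier(conn, column):
    """The tempting but wrong approach. A bound parameter is always a value, so
    MAX(?) with 'age' bound computes the max of the constant string 'age'."""
    return conn.execute("SELECT MAX(?) FROM people", (column,)).fetchone()[0]

def max_of_column(conn, table, column, min_age):
    """Identifier via allowlist + quoting, value via bound parameter."""
    if table not in ALLOWED_TABLES or column not in ALLOWED_COLUMNS:
        raise ValueError("identifier not permitted: %r.%r" % (table, column))
    # Safe to interpolate only because both names passed the allowlist above;
    # the double quotes make them identifiers, never SQL syntax.
    sql = 'SELECT MAX("%s") FROM "%s" WHERE age >= ?' % (column, table)
    return conn.execute(sql, (min_age,)).fetchone()[0]

def demo():
    conn = make_db()
    try:
        max_of_column(conn, "people", 'age"); DROP TABLE people; --', 0)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "bound_identifier": max_of_bound_identifier(conn, "age"),  # the string 'age'
        "allowlisted": max_of_column(conn, "people", "age", 0),     # 51
        "salary_over_30": max_of_column(conn, "people", "salary", 30),
        "rejected": rejected,
    }

if __name__ == "__main__":
    print(demo())
```

For the SQL Server case the same split applies inside the stored procedure: identifiers are validated against a known list (or at minimum wrapped with QUOTENAME) before being concatenated, and every value is passed to sp_executesql as a parameter rather than concatenated into the string.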
SQLException: Invalid parameter index 1 only with PreparedStatement

I have got a webapp (JSP/Servlet) with Tomcat 8 + SQL Server 2012 JDBC Driver Type 4: jTDS old version 1.2.5 (http://jtds.sourceforge.…

java sql-server-2012 prepared-statement sql-injection jtds
Does mysql_real_escape_string() FULLY protect against SQL injection?

On http://www.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/?akst_action=share-this , there is a section that claims you can bypass mysql_real_…

php mysql sql-injection
What does mysql_real_escape_string() do that addslashes() doesn't?

Why do we need DB-specific functions like mysql_real_escape_string()? What can they do that addslashes() doesn't? Ignoring …

php security sql-injection
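The difference the two questions above are asking about is the connection character set, shown here as an added example that is not from either question and not PHP or MySQL code: a byte-oriented escaper in the spirit of addslashes() is applied to a constructed payload whose first byte is an incomplete GBK lead byte, and the result is then read the way a parser using that charset would. The escaper, the payload and the charsets are assumptions for the example.

```python
def addslashes(data: bytes) -> bytes:
    """Byte-oriented escaping in the spirit of PHP's addslashes(): a backslash
    before ', ", \\ and NUL, with no idea what charset the server parses with."""
    out = bytearray()
    for b in data:
        if b in (0x27, 0x22, 0x5C, 0x00):
            out.append(0x5C)
        out.append(b)
    return bytes(out)

def charset_aware_escape(data: bytes, charset: str) -> bytes:
    """What a charset-aware escaper has to do: decode in the server's charset,
    escape at the character level, and encode back in the same charset."""
    text = data.decode(charset, errors="replace")
    escaped = "".join("\\" + ch if ch in "'\"\\\x00" else ch for ch in text)
    return escaped.encode(charset, errors="replace")

# Constructed attacker input: a lone 0xBF (a GBK lead byte with no trail byte),
# then a quote and a textbook tautology.
PAYLOAD = b"\xbf' OR 1=1 -- "

def unescaped_quote(text: str) -> bool:
    """True if the text contains a single quote not preceded by a backslash."""
    return any(ch == "'" and (i == 0 or text[i - 1] != "\\")
               for i, ch in enumerate(text))

def bypass_possible(charset: str) -> bool:
    """Escape byte-wise, then read the bytes as `charset` the way the SQL
    parser would. Under GBK the inserted backslash (0x5C) is swallowed as the
    trail byte of 0xBF, so the quote that follows is no longer escaped."""
    return unescaped_quote(addslashes(PAYLOAD).decode(charset, errors="replace"))

def bypass_possible_aware(charset: str) -> bool:
    return unescaped_quote(
        charset_aware_escape(PAYLOAD, charset).decode(charset, errors="replace"))

if __name__ == "__main__":
    for cs in ("latin-1", "gbk"):
        print("%-8s byte-wise bypass: %s  charset-aware bypass: %s"
              % (cs, bypass_possible(cs), bypass_possible_aware(cs)))
```

Under latin-1 the byte-wise escaping holds; under GBK the same bytes leave a live quote. This is why mysql_real_escape_string() needs the connection and why it only helps if the charset was set through the client library (mysql_set_charset / mysqli_set_charset) rather than with a `SET NAMES` query the library never sees. Prepared statements with bound parameters avoid the escaping question entirely.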
Spring (MVC) SQL injection avoidance?

I am wondering how Spring MVC handles SQL injections (and other security issues: XSS, code [javascript] injection, etc). I'm talking …

spring sql-injection jdbctemplate
PostgreSQL - DB user should only be allowed to call functions

Currently I'm using PostgreSQL for my application. Since I am trying to put every SQL that contains a transaction (i.…

postgresql stored-procedures transactions sql-injection user-permissions