Let's take the following vulnerable query ($id not being escaped):
SELECT * FROM table WHERE id = $id
Would it be possible in MySQL 5.x to modify some data through an UPDATE statement which would appear inside the hacked SELECT statement?
I thought about something using the benchmark() function:
SELECT * FROM table WHERE id = id OR benc...
$myq = sprintf("select user from table where user='%s'", $_POST["user"]);
I would like to know if the above query can be exploited using SQL injection. Is there any advanced SQL injection technique that could break sprintf for this particular query?
...
What are the best practices for securing a coldfusion webpage from malicious users? (including, but not limited to, sql injection attacks)
Is cfqueryparam enough?
...
Hello,
Plain-vanilla NHibernate setup, e.g., no Fluent NHibernate, no HQL, nothing except domain objects and NHibernate mapping files. I load objects via:
_lightSabers = session.CreateCriteria(typeof(LightSaber)).List<LightSaber>();
I apply raw user input directly to one property on the "LightSaber" class:
myLightSaber.NameTag = "Raw ...
Currently I'm working on a research paper about SQL injection with RFID tags, and I'm curious whether it is possible to create a database trigger with an SQL injection if stacked queries are disabled. If stacked queries are enabled, of course it is easy (assuming you know the table layout), but what if they're disabled for security reasons?
ed...
Hi friends,
I use CodeIgniter, and am having trouble with hacking :( Is it possible to perform SQL injection on the login code below:
function process_login()
{
$username = mysql_real_escape_string($this->input->post('username'));
$password = mysql_real_escape_string(MD5($this->input->post('password')));
//Check user ta...
Hi. I just got a site to manage, but am not too sure about the code the previous guy wrote. I'm pasting the login procedure below, could you have a look and tell me if there are any security vulnerabilities? At first glance, it seems like one could get in through SQL injection or manipulating cookies and the ?m= parameter.
define ( ...
Is there anything else that the code must do to sanitize identifiers (table, view, column) other than to wrap them in double quotation marks and "double up" double quotation marks present in the identifier name? References would be appreciated.
I have inherited a code base that has a custom object-relational mapping (ORM) system. SQL ...
I have this function I'm using and I want to be sure that it fully protects against SQL injection attacks:
function MakeSafeForQuery($string)
{
// replace all of the quote
// chars by their escape sequence
$ret = str_replace("\\","\\\\",$string);
$ret = str_replace("'","\\'",$ret);
$ret = str_replace("\"","\\\"",$re...
Hi,
After doing a long search on Stack Overflow I didn't find anyone who talked about this, even though it's a big choice. The question is: what's best in order to prevent both XSS and SQL injection, escaping the data and then storing it in the DB, or storing it as it is and escaping it when outputting it?
Note: it is better if you give some examples of pra...
I'm trying to protect myself from SQL injection and am using:
mysql_real_escape_string($string);
When posting HTML it looks something like this:
<span class="\"className\"">
<p class="\"pClass\"" id="\"pId\""></p>
</span>
I'm not sure how many other variations real_escape_string adds so don't want to j...
A security review was done against one of our ASP.NET applications, and returned in the test results was a SQL Injection Exposure considered to be a high-risk item.
The test that was performed passed a SQL statement as the value of the __EVENTTARGET and the __EVENTARGUMENT. I am wondering, since these 2 values are ASP.NET auto-generated...
To prevent SQL injection, is it necessary to use mysql_real_escape_string(), when magic_quotes_gpc is on?
...
How do I prevent SQL injection when it comes to ColdFusion? I'm quite new to the language/framework.
Here is my example query.
<cfquery name="rsRecord" datasource="DataSource">
SELECT * FROM Table
WHERE id = #url.id#
</cfquery>
I see passing in url.id as a risk.
...
Hi,
I'm using pyodbc to talk to a legacy Access 2000 .mdb file.
I've got a cursor, and am trying to execute this:
c.execute("INSERT INTO [Accounts] ([Name], [TypeID], [StatusID], [AccountCat], [id]) VALUES (?, ?, ?, ?, ?)", [u'test', 20, 10, 4, 2])
However, doing so results in
pyodbc.Error: ('HYC00', '[HYC00] [Microsoft][ODBC Mic...
I am used to developing in PHP/MySQL and have no experience developing with SQL Server. I've skimmed over the PHP MSSQL documentation and it looks similar to MySQLi in some of the methods I read about.
For example, with MySQL I utilize the function mysql_real_escape_string(). Is there a similar function with PHP/SQL Server?
What step...
Hi,
I have recently taken on a project in which I need to integrate with PHP/SQL Server. I am looking for the quickest and easiest function to prevent SQL injection on SQL Server as I prefer MySQL and do not anticipate many more SQL Server related projects.
Is this function sufficient?
$someVal = mssql_escape($_POST['someVal']);
$que...
We currently receive parameters of values as VARCHARs, and then build a date from them. I am wanting to confirm that the method below would stop the possibility of SQL injection from this statement:
select CONVERT(datetime, '2010' + '-' + '02' + '-' + '21' + ' ' + '15:11:38.990')
Another note is that the actual parameters being passe...
If I was going to put my site for the public's use, what are some security issues that I should be worried about?
I know of SQL injections.
What other hacks/injections should I be aware of?
...
Please help me to prevent my data from SQL injection.
I have replaced ' with '' (a single quote with two quotes) while doing any operation on SQL Server.
Please tell me everything I need to do to protect my application from SQL injection. My application is in ASP.NET 2.0.
I will use parameterized queries, but what about my old projects... I mea...