sql-injection

SQL injection - no danger on stored procedure call (on iSeries)?

I've done some searching around but I have a specific question on SQL injection and hope I can get some input, as I believe I may be getting the wrong end of the stick to do with field data sanitising etc. I have a Java program calling a stored procedure on an iSeries. The stored procedure has CL / RPG code behind the scenes. The store...

SQL injection attack on asp registration form pages?

I need to know the process of the SQL injection attack on a registration form made with ASP or ASP.NET. This is a crucial question to me. Thank you ...

Is this PHP/MySQL statement vulnerable to SQL injection?

Should be a simple question, I'm just not familiar with PHP syntax and I am wondering if the following code is safe from SQL injection attacks?: private function _getAllIngredients($animal = null, $type = null) { $ingredients = null; if($animal != null && $type != null) { $query = 'SELECT id, name, brief_description, des...

How Secure is this MySQL statement in a PHP script?

How secure is this MySQL statement built in a PHP script? Would it be vulnerable to an SQL injection? $sql = sprintf("INSERT IGNORE INTO my_table VALUES(%d, %d, 1, NOW())", mysql_escape_string($_SESSION['client']['id']), mysql_escape_string($_POST['id'])); ...

escape apostrophes in Linq based stored procedure calls when SP contains dynamic SQL

Hi guys, I noticed the following: An ASP.NET MVC website under development gets an SQL error "Unclosed quotation mark ..." when it makes a LINQ call to a stored procedure that contains dynamic SQL. For example: SP GetEmployees called with parameter [filter_name] that has value [n'for] throws this error I can fix the problem by doing...

Does mysql_real_escape_string() FULLY protect against SQL injection?

On http://www.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/?akst_action=share-this , there is a section that claims you can bypass mysql_real_escape_string with certain Asian character encodings: Bypassing mysql_real_escape_string() with BIG5 or GBK. Additional information about the "injection string": the above chars are Chinese Big5...

How to quote values for LuaSQL?

LuaSQL, which seems to be the canonical library for most SQL database systems in Lua, doesn't seem to have any facilities for quoting/escaping values in queries. I'm writing an application that uses SQLite as a backend, and I'd love to use an interface like the one specified by Python's DB-API: c.execute('select * from stocks where symb...

ASP.NET / C# Equivalent of Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP)?

Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP) is a static code analyzer for classic ASP VBScript code that can help identify pages that might have a sql injection vulnerability. That tool seems to only support vbscript ("The tool understands only ASP code that is written in VBScript"), and I think it only supports Class...

Preventing SQL injection without prepared statements (JDBC)

I have a database log appender that inserts a variable number of log lines into the database every once in a while. I'd like to create an SQL statement in a way that prevents SQL injection, but not using server-side prepared statements (because I have a variable number of rows in every select, caching them won't help but might hurt perf...

Custom analysis rules for Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP)?

Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP) is a static code analyzer for classic ASP VBScript code that can help identify pages that might have a SQL injection vulnerability. It seems like a nice tool, but now that I've found Microsoft Code Analysis Tool for .Net (CAT.NET) -- a static analyzer designed to help find SQ...

Using $_GET & $_POST

Maybe I'm doing something wrong right from the beginning, and if so I'll work on that too... I have a menu item that as part of the URL passes an Event ID#. In my specific case it takes the user to an information page for that Event. Then there is a button that lets them sign up for the Event. Click and they're signed up for the Even...

How does SQL query parameterisation work?

I feel a little silly for asking this since I seem to be the only person in the world who doesn't get it, but here goes anyway. I'm going to use Python as an example. When I use raw SQL queries (I usually use ORMs) I use parameterisation, like this example using SQLite: Method A: username = "wayne" query_params = (username) cursor.ex...

If my database user is read only, why do I need to worry about sql injection?

Can they (malicious users) describe tables and get vital information? What about if I lock down the user to specific tables? I'm not saying I want sql injection, but I wonder about old code we have that is susceptible but the db user is locked down. Thank you. EDIT: I understand what you are saying but if I have no response.write fo...

Injection Attacks against .NET DataView RowFilter

So I'm writing a handler that filters a cached DataTable based on the AppRelativeCurrentExecutionFilePath using the DataView RowFilter property. What's the best way to encode the input to prevent an injection attack? Is the following sufficient? Is there a better/more-elegant way? dataView.RowFilter = String.Format("Name LIKE '{0}%'"...

How to fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon

Hi folks. I scanned my login script using the SQL Inject Me Firefox addon. According to the test results, my script was vulnerable to SQL injection. Result by example Results: Server Status Code: 302 Found Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&#49 Server Status Code: 302 Found Tested value: 1' O&#x52...

Mysql change delimiter for better SQL INJECTION handling?

Dear stackoverflowers, I am using MySQL and trying to block unwanted query injection by people who will try to use my single query to run several ones. I.e., for example, when I have the parameter "?id=3", people can try to run it with "id=3;drop table users". Now, I know that the best way to avoid this is by parsing and checking the par...

SQL Server vs MySQL - SQL Injection Vulnerabilities in Classic ASP

Recently one of our client's websites fell prey to a SQL Injection attack due to a failure to sanitize query string parameters provided to the page. The vulnerable code has since been identified and is being corrected, but it got me wondering about some of the differences between how MySQL and SQL Server process multi-query strings. The...

GAE Datastore and security risks with JDOQL

I just started working on a project that will run on google app engine (GAE). I'm using java (wicket) with some ajax. I'm experienced with relational databases and typically use something like iBatis. When going through the docs and examples for the GAE datastore using JDO I see that they're executing stuff like: String query = "sele...

What are some common SQL injection checks I can use?

I'm running through my web app and I'm trying to test various parts of the system to make sure they aren't susceptible to SQL injection. What are some common SQL injection checks I can perform on textboxes/textareas, etc. that would be good checks for vulnerability? I'm not worried about damaging my data as I'm running this on a test be...

Possible injection from date string Select query

Hi all. I have a problem which is a little strange. My page contains an HTML link which refreshes the page and calls a PHP variable. This variable appends a date string to the URL string which is fed into a MySQL query, which grabs records matching this date. I think this is causing an injection as it sometimes deletes the user from the d...