sql-injection

Is SQL injection a risk today?

I've been reading about SQL injection attacks and how to avoid them, although I can never seem to make the "awful" examples given work, e.g. this post http://stackoverflow.com/questions/332365/xkcd-sql-injection-please-explain I created a php file and a table in the database, had a value passed through $_GET and tried to delete the tab...

Are SQL injection attacks only a threat on a page that has a form?

I know it's a simple question, but in everything I've read, I've never seen this spelled out specifically. If you do a query on a page, do you need to worry about SQL injection attacks? Or is it only a problem when you ask the user for input? Thanks! ...

What is the SQL Server equivalent for Oracle's DBMS_ASSERT?

DBMS_ASSERT is one of the keys to prevent SQL injection attacks in Oracle. I tried a cursory search...is there any SQL Server 2005/2008 equivalent for this functionality? I am looking for a specific implementation that has a counterpart of all the respective Oracle package members of DBMS_ASSERT. NOOP SIMPLE_SQL_NAME QUALIFIED_SQL_N...

Safely escape strings for SQL fragments for joins, limits, selects, and so on (not conditions) on Rails

In Ruby on Rails, for conditions, it's easy to make SQL-injection-proof queries: :conditions => ["title = ?", title] where title comes from the outside, from a web form or something like that. But what if you are using SQL fragments in other parts of the query, like: :select => "\"#{title}\" AS title" # I do have something like th...

Wordpress Database Output - Remove SQL Injection Escapes

I'm having a problem using $wpdb. When I insert or update data using $wpdb->insert or $wpdb->update, the SQL injection protection actually inserts the \' into the database, and when outputting that information it has the SQL escape with it (i.e.: My Value\'s Escaped). I know there's gotta be a way to escape this using a WordPress func...

SQL syntax error using Python and psycopg

How can you fix this SQL-code? My Python code: import os, pg, sys, re, psycopg2 conn = psycopg2.connect("dbname=tk user=masi password=123") cur = conn.cursor() cur.execute("""INSERT INTO courses ('course_nro') VALUES ( `:1` )""", ['hen']) I get: Traceback (most recent call last): ...

Vulnerability reports from PCI-DSS scan

We have had a PCI scan on one of our websites passed on to us by one of our clients. There are a number of reports of vulnerabilities that look something like this: Network service: 80/443 Application URL: http://www.oursite.com/signup.php The response contains SQL Server errors. This suggests that the hazardous characters i...

SQL Injection Vulnerability found

Hello All, Yesterday I received an email from a guy saying that our site is vulnerable to SQL injection. The email said: I tried some classic SQL injection on your server. This URL contains the result: http://www.mysite.com/ppreview.php?id=611111161%20and%201=0%20UNION%20all%20SELECT%201,2,3,4,password,6,7,8,9,10,11,12,13,14,15,16...

Does this code prevent SQL injection?

Background I've been contracted to analyze an existing Data Provider and I know the following code is faulty; but in order to point out how bad it is, I need to prove that it's susceptible to SQL injection. Question What "Key" parameter could break the PrepareString function and allow me to execute a DROP statement? Code Snippet P...

Java - escape string to prevent SQL injection

I'm trying to put some anti-SQL-injection measures in place in Java and am finding it very difficult to work with the "replaceAll" string function. Ultimately I need a function that will convert any existing \ to \\, any " to \", any ' to \', and any \n to \\n so that when the string is evaluated by MySQL, SQL injections will be blocked. I'v...

Restricting user password character set

Working on a login system - the point where customer chooses their password for site access. Beyond using RegEx to ensure that the password is strong enough, normally on our system all data that will wind up in the database is checked against injection etc and a reasonably restricted character set is enforced on all fields. I don't rea...

How to confirm SQL injection

Is there any way to confirm that a particular breach of security was done through SQL injection? ...

SQL Injection filter method for ASP.NET

I've got fields that are free-form text and allow just about any combination of numbers/symbols. What's the best way to validate these to prevent SQL Injection? Can I run a simple replace of tick marks? Is there a method out there I can plug in to use? ...

Does using non-SQL databases obviate the need for guarding against "SQL injection"?

This may seem like an obvious (or not so obvious) question, but let me explain. I'm coding up a Google App Engine site using Google's database technology, BigTable. Any App Engine coders will know that Google has its own limited query language called GQL. As a result, I am tempted not to do any checking for SQL (or GQL) injection in my a...

Proving SQL Injection

I'm trying to simply prove here that this simple function isn't good enough to prevent every SQL injection in the world: Function CleanForSQL(ByVal input As String) As String Return input.Replace("'", "''") End Function Here is a typical insert statement from one of our apps: Database.DBUpdate("UPDATE tblFilledForms SET Text1 = '...

XSS - SQL Injection -- Owasp vs AntiXss Vs Microsoft Anti-Cross Site Scripting Library

Hello, We are looking at using a library to help us detect SQL injections. We are using sprocs and parametrized statements, but for the sake of this post assume that we are only using some sort of library that detects/verifies user input. What's the best one? Easiest to implement? Easiest to update/manage? Why prefer one over the othe...

Build safe search conditions for SQL WHERE clause

I need to build search conditions to be used with a WHERE clause. This search condition is then passed to a different application to be executed as part of an SQL query. Because these search conditions can be quite complex (including sub-queries), I don't believe the receiving application can intelligently parse them to prevent SQL injection att...

How do I protect this function from SQL injection?

public static bool TruncateTable(string dbAlias, string tableName) { string sqlStatement = string.Format("TRUNCATE TABLE {0}", tableName); return ExecuteNonQuery(dbAlias, sqlStatement) > 0; } ...

What kind of SQL injections do you know?

I'll provide a simple one here: $query = "select id from accounts where email='$_POST[email]' and psw='$_POST[password]'"; $result = mysql_query($query,$con); if($row = mysql_fetch_assoc($result)) return true; else return false; If the password is 1' or '1'='1, then it will do the trick! What other tips do you know? ...

What is second level SQL Injection

What is second-level SQL injection all about? This is with reference to the question http://stackoverflow.com/questions/1819377/use-of-parameters-for-mysqlquery, where part of one of the answers used this term... ...