Hi,
I have the following code:
public function checkLoginDetails($email, $password) {
    $select = $this->select();
    $select->where("password=?", md5($password));
    $select->where("email=?", $email);
    return $this->fetchRow($select);
}
email and password come directly from the user. Do I need to filter email with, say, mysql_real...
Why aren't table parameters allowed in SQL Server? Is there any solution to this?
Example:
using (SqlCommand myCommand = new SqlCommand("SELECT * FROM @table WHERE USERNAME=@username AND PASSWORD=HASHBYTES('SHA1', @password)", myConnection))
{
    myCommand.Parameters.AddWithValue("@table", table);
    myCommand.Parameters.Add...
I have an assoc array filled with the values necessary for a PDOStatement. Should I bind each value and then call execute? Or call execute, passing it the array of values?
Array(
[name] => Joe
[value] => some content
)
Should I:
foreach ($data as $key => $value) {
    $statement->bindValue($key, $value);
}
execute();
OR
execute($data...
I know that dynamic SQL queries are bad due to the SQL injection issues (as well as performance and other issues). I also know that parameterized queries are preferred to avoid injection issues; we all know that.
But my client is still very stubborn and thinks that just
var UserName=Request.Form["UserName"];
UserName=UserName.Replace...
Hi, I'm using Acunetix to test my website.
The problem is with this script: http://boedesign.com/blog/2007/02/18/ajax-star-rating/
Acunetix doesn't show any message, but when I test for blind SQL I can get values like
8 and 1=0 --
8 and 31337-31337=0
in the rating_id MySQL column. I want to allow only numbers in there, so I made a little f...
When I use Acunetix on my page I get a "Blind SQL/XPath injection".
Header:
GET /file.php?id=2'+and+31337-31337=0+--+&page=2
Response:
no files found (sometimes it shows results)
Here is my PHP code:
$id = (int) htmlentities($_GET['id']);
$fileid = mysql_real_escape_string($id);
The query:
SELECT * FROM `files` WHERE `id` = '".$file...
OK, I use this route:
routes.MapRoute(
    "Catalog/Data",
    "Catalog/{*data}",
    new { controller = "Catalog", action = "Category", data = "" }
);
The URL looks something like http://localhost/Catalog/Computer/Harddrives/internal
Data being the Computer/Harddrives/internal part.
I split it apa...
We have a Delphi 2006 application that drives a MS SQL Server database.
We have found a vulnerability where it is possible to load the executable into a hex editor and modify the SQL.
Our long term plan is to move this SQL to CLR stored procedures but this is some way off since many of our clients still use SQL 2000.
We've thought ab...
Question: Is preventing XSS (cross-site scripting) as simple as using strip_tags on any saved input fields and running htmlspecialchars on any displayed output ... and preventing SQL injection by using PHP PDO prepared statements?
Here's an example:
// INPUT: Input a persons favorite color and save to database
// this should prevent SQL i...
I know that mysql_real_escape_string()
prepends backslashes to the following characters: \x00, \n, \r, \, ', " and \x1a
I know how this protects a query from injection into something like a variable in a where clause. But here's a scenario I am unsure of:
$query = "SELECT * FROM $db WHERE 1";
If $db is taken from a user input, t...
Is it possible for a user to forge the result that is returned from $_SERVER['REMOTE_ADDR'] in PHP so they could in theory use SQL injection on a database?
This is a bit dumb, but I'm still new enough to PHP that I want to know if it can be done, whether or not I need to sanitize database input when the SELECT statement chooses from IP...
A little over a year ago we started getting hit with sql injection attacks. We have hundreds of sites so we ended up spending weeks patching any holes we could find. Then a few weeks ago we started getting hit again. We've gone through everything we can think of and we can't find anywhere where the person is getting in. Does anyone k...
Hi all,
The problem
We need to defend against a 'WAITFOR DELAY' sql injection attack in our java application.
Background
[This is long. Skip to 'Solution?' section below if you're in a rush ]
Our application mostly uses prepared statements and callable statements (stored procedures) in accessing the database.
In a few places we dy...
I've got some free-response text fields and I'm not sure how to scrub them to prevent SQL injection. Any ideas?
...
In SO and elsewhere it's nearly impossible to post long concatenated SQL instructions in sample code without someone politely pointing out that it's better to use parameterized input and stored procedures.
Recent example here.
But is it meaningful to worry about SQL injection in a Winforms project?
...
In my Python code I often find myself doing the following (using DB-API):
yValues = pickInterestingValuesOfY()
sql = "..." # includes a clause stating that "y must be in yValues"
c.execute(sql, yValues)
In the end, the SQL being executed could be something as simple as
SELECT x FROM table1 WHERE y IN (1,2,3);
The issue is that th...
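The post above asks how to bind a variable-length list for an IN clause with DB-API. As an added example (not the poster's code), the Python function below generates one "?" per value so the SQL text depends only on how many values there are, never on their content, binds the values through the driver, splits large lists into chunks because databases cap the number of bound parameters per statement, and returns no rows for an empty list instead of emitting the invalid "IN ()". The table1(x, y) schema and rows are constructed for the demo; SQLite stands in for the poster's database.

```python
import sqlite3

# Constructed sample data for this example; table1(x, y) follows the post's query.
SAMPLE_ROWS = [(10, 1), (20, 2), (30, 3), (40, 4), (50, 1)]


def make_conn():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE table1 (x INTEGER, y INTEGER)")
    conn.executemany("INSERT INTO table1 (x, y) VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def select_x_where_y_in(conn, y_values, chunk_size=500):
    """Return the x values whose y is in y_values, sorted.

    One '?' per value is generated, so the statement text is fixed for a
    given list length and each value is bound by the driver. The list is
    chunked because engines limit bound parameters per statement (SQLite's
    historical default is 999), and an empty list yields no rows rather
    than the syntactically invalid 'IN ()'.
    """
    values = list(y_values)
    if not values:
        return []
    results = []
    for start in range(0, len(values), chunk_size):
        part = values[start:start + chunk_size]
        placeholders = ", ".join(["?"] * len(part))
        sql = "SELECT x FROM table1 WHERE y IN (%s)" % placeholders
        results.extend(row[0] for row in conn.execute(sql, part))
    return sorted(results)


def demo():
    conn = make_conn()
    return {
        "normal": select_x_where_y_in(conn, [1, 2, 3]),
        # Same answer when the list is split across several statements.
        "chunked": select_x_where_y_in(conn, [1, 2, 3], chunk_size=2),
        "empty": select_x_where_y_in(conn, []),
        # A value that would be an injection if concatenated into the SQL
        # is just a non-matching literal once it is bound.
        "hostile": select_x_where_y_in(conn, [1, "1) OR 1=1 --"]),
    }


if __name__ == "__main__":
    print(demo())
```

The chunking also covers the case of a few thousand interesting y values; if the list is large enough that chunking becomes awkward, loading the values into a temporary table and joining against it is the usual alternative.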
Now I have this form post script:
<?php
if (isset($_POST['baslik'])) {
    $sql = "INSERT INTO yazilar (baslik, spot, spot_kisa, spot_resim, spot_resim_isim, icerik, kategori, tiklanma, eklemetarihi)
            VALUES
            ('$_POST[baslik]','$_POST[spot]','$_POST[spot_kisa]','$_POST[spot_resim]','$_POST[spot_resim_isim]','$_POST[icerik]','$_POST[kategori]'...
I am using MySQL Connector/Net and I want to write a query against a table whose name will be specified at runtime.
This example is off the top of my head (not tested):
public class DataAccess
{
    public enum LookupTable
    {
        Table1,
        Table2,
        Table3
    }

    public int GetLookupTableRowCount(LookupTable tabl...
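Three of the posts above run into the same limit: the SQL Server "@table" parameter, the "$db" table name in "SELECT * FROM $db WHERE 1", and the runtime table name for MySQL Connector/Net. A bound parameter is a value, not an identifier, so no driver will put it in the FROM clause (SQL Server reads "FROM @table" as a table-variable reference and fails). The added example below (not from any of the posts) shows the standard answer in Python with SQLite: check the requested name against a fixed allow-list, which is exactly what the enum in the last post gives you, splice only an allow-listed name into the SQL text, and bind the values as parameters. The table names, the "id" column and the secrets table are constructed for the demo.

```python
import sqlite3

# Hypothetical lookup tables, mirroring the enum in the post above. The
# allow-list membership check, not quoting, is what keeps user input out of
# the FROM clause.
ALLOWED_TABLES = frozenset({"Table1", "Table2", "Table3"})


def quote_identifier(name):
    """Double-quote an identifier (standard SQL, SQLite, PostgreSQL style).

    Quoting only keeps the statement well-formed for a name that has
    already passed the allow-list; it is not a substitute for that check.
    """
    return '"' + name.replace('"', '""') + '"'


def lookup_table_row_count(conn, table, min_id):
    """Count rows with id >= min_id in one of the allowed lookup tables.

    The table name is validated against the allow-list and then spliced
    into the SQL text; the comparison value is bound as a parameter.
    """
    if table not in ALLOWED_TABLES:
        raise ValueError("unknown lookup table: %r" % (table,))
    sql = "SELECT COUNT(*) FROM %s WHERE id >= ?" % quote_identifier(table)
    return conn.execute(sql, (min_id,)).fetchone()[0]


def binding_table_name_fails(conn):
    """Show why a '?' (or '@table') in table position cannot work: the
    parser expects an identifier there and rejects a parameter marker."""
    try:
        conn.execute("SELECT COUNT(*) FROM ? WHERE id >= ?", ("Table1", 0))
    except sqlite3.OperationalError:
        return True
    return False


def make_conn():
    """Constructed sample database for the demo."""
    conn = sqlite3.connect(":memory:")
    for name, rows in (("Table1", 3), ("Table2", 5), ("Table3", 0)):
        conn.execute("CREATE TABLE %s (id INTEGER PRIMARY KEY, v TEXT)"
                     % quote_identifier(name))
        conn.executemany("INSERT INTO %s (v) VALUES (?)" % quote_identifier(name),
                         [("row%d" % i,) for i in range(rows)])
    conn.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, token TEXT)")
    conn.execute("INSERT INTO secrets (token) VALUES ('do-not-leak')")
    return conn


def demo():
    conn = make_conn()
    out = {
        "Table1": lookup_table_row_count(conn, "Table1", 1),
        "Table2": lookup_table_row_count(conn, "Table2", 4),
        "bind_fails": binding_table_name_fails(conn),
    }
    # A real table that is not on the list, and an injection attempt aimed
    # at the identifier slot, are both rejected before any SQL is built.
    for label, name in (("other_table", "secrets"),
                        ("injection", 'Table1" UNION SELECT token FROM secrets --')):
        try:
            lookup_table_row_count(conn, name, 0)
            out[label] = "allowed"
        except ValueError:
            out[label] = "rejected"
    return out


if __name__ == "__main__":
    print(demo())
```

With the C# enum, the same pattern is an explicit switch or dictionary from each enum member to its table name; never call ToString() on a value that originated outside the process and splice it in directly.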
As far as I can see the offerings fall into two categories: scanning services such as McAfee, Comodo, etc., and tools such as Burp Proxy, HP's WebInspect, CodeScan, etc.
In an ideal world, I’d use something that actively scanned a certain URL (the target being a LAMP stack) on a daily basis (or as required if it’s a standalone tool), bu...
Hi everyone.
I would like to know if it is possible to create a request with no spaces in MySQL?
I test the security of my own website, and I've put in str_replace(" ", "", $_POST['id']); all SQL injection becomes:
id=-1 UNION SELECT pass...
After str_replace:
-1UNIONSELECTpass
I would have a high level of security on my own website. T...
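Two of the posts above rely on removing characters: the client who believes UserName.Replace on quote characters is enough, and the str_replace(" ", "", ...) space filter in the last post. The added example below (not code from either post; Python with SQLite standing in for the posters' databases, with constructed users and secrets tables) runs both filters against a concatenated query and shows why each fails: a numeric context needs no quote character at all, and any other token separator, such as the "/**/" comment that SQLite and MySQL both accept, replaces the stripped space. The parameterised version treats the same inputs as data.

```python
import sqlite3


def make_conn():
    """Constructed sample database: the users table the page means to
    query, and a secrets table an attacker wants to read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (id, name) VALUES (?, ?)",
                     [(1, "alice"), (2, "bob")])
    conn.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, pass TEXT)")
    conn.execute("INSERT INTO secrets (id, pass) VALUES (1, 'hunter2')")
    return conn


# The two blacklist "sanitisers" from the posts, as Python equivalents.
def strip_quotes(s):
    return s.replace("'", "")


def strip_spaces(s):
    return s.replace(" ", "")


def vulnerable_lookup(conn, raw_id, sanitizer):
    """Concatenation after a blacklist filter. The filter only decides which
    characters reach the SQL parser; the input still becomes SQL."""
    sql = "SELECT name FROM users WHERE id = " + sanitizer(raw_id)
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.OperationalError:
        return "rejected by parser"


def safe_lookup(conn, raw_id):
    """Type-check the input (the 'numbers only' requirement from the
    rating_id post) and bind it; the SQL text never changes."""
    try:
        id_value = int(raw_id)
    except ValueError:
        return []
    return [row[0] for row in
            conn.execute("SELECT name FROM users WHERE id = ?", (id_value,))]


def demo():
    conn = make_conn()
    return {
        # No quote character is needed in a numeric context, so removing
        # quotes changes nothing: the WHERE clause becomes id = 0 OR 1=1.
        "quotes_stripped": vulnerable_lookup(conn, "0 OR 1=1", strip_quotes),
        # Removing spaces glues the keywords into one unrecognised token and
        # the parser rejects it, which is what the last poster observed ...
        "spaces_stripped": vulnerable_lookup(
            conn, "-1 UNION SELECT pass FROM secrets", strip_spaces),
        # ... but a comment is also a token separator and contains no space,
        # so the same UNION reads the secrets table.
        "comments_as_spaces": vulnerable_lookup(
            conn, "-1/**/UNION/**/SELECT/**/pass/**/FROM/**/secrets", strip_spaces),
        # Bound parameters: hostile input matches nothing, normal input works.
        "safe_hostile": safe_lookup(conn, "0 OR 1=1"),
        "safe_normal": safe_lookup(conn, "1"),
    }


if __name__ == "__main__":
    print(demo())
```

In MySQL the comment trick is the same, and there are further separators (tabs, newlines, parentheses around subexpressions) that a single-character blacklist does not cover; the fix is the one the other posts keep recommending, a typed or bound value rather than a filtered string.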