sql-injection

Is SQL Injection possible with POST?

SQL injection is possible if parameters are passed via GET. But is it possible via POST also? If yes, can HTTPS prevent it? ...

How can this kind of SQL injection work even though there is no security consideration at all?

bob'); drop table students; -- In PHP, this will fail: mysql("statement1;statement2;"); There can be only one statement, so I really doubt how the above injection can actually work at all? ...

How should I write PHP $_POST vars in a mysql_query function?

Hi all, in accessing my database, I have the user fill out a form, and in the target page, the posted values are used in the resulting MySQL query. $query = mysql_query("SELECT pass FROM database WHERE user='$_POST[user]'"); However, for some reason or another, MySQL doesn't like my using a $_POST variable in the command, and it only...

What is the best way to prevent SQL injection in MySQL?

Hi all, I don't know much about SQL injection. I want to know what the best way is to prevent SQL injection in MySQL. Like how should I insert data into the database, how should I fetch it from the DB, how should I execute a search query or an update query in MySQL. Up to here I know that addslashes is used to prevent SQL injection in mys...

SQL injection on Classic ASP pages with parameterized queries: text fields

I've parameterized my queries in my Classic ASP app, but am unsure whether I need to sanitize or scrub free text fields or if the parameterization is sufficient to prevent injection. ...

Is this smart or no?

Is it ok to use this code to trim and escape all posts in my register function? Or is it better practice to trim and escape each and every input? // Trim and sanitize our input $_POST = array_map('trim', $_POST); $_POST = array_map('mysql_real_escape_string', $_POST); if (invalidinput) dostuff else insert into user (username,passwd) v...

PHP magic_quotes_gpc vulnerability

I've been assigned to one of my company's legacy webapps, and after a day or two of poking around the source, I've found an SQL injection vector similar to the following: mysql_query("SELECT * FROM foo WHERE bar='" . $_GET['baz'] . "'"); I've tried to perform an SQL injection test against this, but it fails, due to PHP's magic_quotes_...

SQL INJECTION and two queries

So, I read an article about SQL injection and there was an example: SELECT * FROM table_name WHERE smth = 'x'; UPDATE table_name SET smth ='[email protected]' WHERE user = 'admin'; Why doesn't it work? Or is it an old article and nowadays this way is nonsense? So how do hackers update MySQL then? Thanks. ...

sql injection prevention for create method in rails controller

As seen in comment_controller.rb: def create @comment = Comment.new(params[:comment]) @comment.save end I'm assuming that this is SQL injection-unsafe. But what is the correct way of doing it? All the examples on the net deal with finds. ...

Are any of these SQL Queries open to SQL injection attacks?

I have re-written my code after great help from some friendly Stack Overflow members (big thanks to Martin B and Kev Chadders especially). I would now like to check if my code is still open to SQL injections after this work. I believe the code is now working as it should, but any blinding errors that you see I'd love to hear about too. M...

Sanitizing variables in this code

Hi all and thanks for looking. Is the following code vulnerable and how? How would I sanitize the code to make it safe? <? $pname = $_GET['product_name']; $sql = "SELECT * FROM products WHERE product_name='$pname'"; $result = mysql_query($sql); $myrow = mysql_fetch_array($result); $pid = $myrow['product_id'...

Is using a database-level MD5 function a bigger security risk than an application level function?

I've got a chunk of code that validates a user's username and password, which goes something like this: $sql = "SELECT * FROM user WHERE username='{$_POST['username']}' AND password=MD5('{SALT}{$_POST['password']}')"; Is this any more/less secure than doing it like this? $sql = "SELECT * FROM user WHERE username='{...

Parameters in the FormsOf function and SQL injection

Is the following SQL susceptible to SQL injection via the @SearchWord parameter? I want to use parameters with the FormsOf function, but the only guide to doing so I've found is in this Stack Overflow question: http://stackoverflow.com/questions/1362220/how-to-pass-parameter-to-formsof-function-in-sql-server However the solution seems ...

LINQ to Entities and SQL Injection

I've seen a couple of conflicting articles about whether or not L2E is susceptible to SQL injection. From MSDN: Although query composition is possible in LINQ to Entities, it is performed through the object model API. Unlike Entity SQL queries, LINQ to Entities queries are not composed by using string manipulation or concatenation, ...

SOA vulnerabilities

I am a postgraduate student. I have to do a master's thesis on SOA vulnerabilities (SOA security). In the sense of finding vulnerabilities in web services or finding solutions to the existing vulnerabilities. In that direction I have been searching for vulnerabilities in SOA. Once the vulnerability is found I have to simulate it and show to...

How can I avoid SQL injection attacks?

Yesterday I was speaking with a developer, and he mentioned something about restricting the insertions on database fields, like strings such as -- (minus minus). At the same time, what I know is that it is a good approach to escape HTML chars like <, > etc. Not --. Is this true? Do I have to worry about --, ++? Is it more like a myth or ol...

Safely using prepared statements to query database

I'm trying to write a function that is versatile in the queries it is allowed to make, but also safe from injection. The code below throws an error as is, but if I run it with 'name' instead of ':field' it works fine. $field = "name"; $value = "joe"; function selectquery($field, $value) { global $dbcon; $select = $dbcon->prepare...

Securing a database from Java clients

The concept I have uses a central MySQL database which has many Java clients running and using this database (connecting directly). The clients would be publicly available, so security becomes an issue. As Java can be decompiled, I cannot put the security part of this system into the client application. I'll need to have an initial us...

What is SQL injection?

Possible Duplicates: XKCD sql injection - please explain What is SQL injection? I have seen the term "SQL injection" but still do not understand it. What is it? ...

Is MySQL more resistant to SQL injection attack than PostgreSQL (under Perl/DBI)?

I am reviewing a Linux-based Perl web application that contains a login handler with the ubiquitous my $sth = $DB->prepare("SELECT password from passwords where userid='$userid'") or die; $sth->execute or die; ... where $userid is initialized from (unsafe, unfiltered) web user input. It is well known that the DBI documentation recomme...