2
голосов
1ответов
448 просмотров

Preventing SQL injection: is mysql_real_escape_string() really all I need?

Possible Duplicate: Best way to stop SQL Injection in PHP It seems far too good to be true to me that this simple function does all I need. Yet most of my google searches lead to results that basically say "just use this function and all will be well!". I've seen a couple that briefly, ...

8
голосов
5ответов
16963 просмотров

Classic ASP SQL Injection

I recently inherited a classic asp website with a ton of inline SQL insert statements that are vulnerable to SQL injection attacks. These insert statements are executed via the ADO command object. Will setting the ADO Command Object's Prepared property to true ensure that the query is parameter...

2
голосов
7ответов
2769 просмотров

Protection against SQL injection

Does the following PHP MySQL statement protect against SQL Injection? $strSQL = "SELECT * FROM Benutzer WHERE Benutzername = '".$Benutzer."' AND Password = '".md5($PW)."'"; The Variables $Benutzer and $PW are inputs from the User. We're checking the username and password against common SQL I...

3
голосов
3ответов
134 просмотров

Can SqlServer be configured to not execute stored procs submitted as strings?

Scenario A: SqlConnection con = new SqlConnection(myConnString); SqlDataAdapter adp = new SqlDataAdapter("EXEC spGetUserInfo 42", con); DataSet ds; adp.Fill(ds); Scenario B: SqlConnection con = new SqlConnection(myConnString); SqlCommand cmd = new SqlCommand(); cmd.Connection = con; cmd.Comma...

17
голосов
3ответов
20828 просмотров

SQL Server - Dynamic PIVOT Table - SQL Injection

Sorry for the long question but this contains all the SQL I've used to test the scenario to hopefully make it clear as to what I'm doing. I'm build up some dynamic SQL to produce a PIVOT table in SQL Server 2005. Below is code to do this. With various selects showing the raw data the values usi...

0
голосов
3ответов
1790 просмотров

Extract SQL query from a Web Page independent of the Scripting language

At present i am doing a project regarding SQL injection. I am doing it in such a way that it will find the SQL injection independent of the server side scripting.. whether it may be jsp or asp or php. Now the major problem is I have to extract the SQL query from the web page. That is when i press...

1
голосов
1ответов
444 просмотров

Are SQL Server 2008 Table Valued Parameters vulnerable to SQL injection attacks?

I have been investigating Table-Valued Parameters in SQL Server 2008, and I've discovered that when passing such a parameter to a stored procedure, a query such as the following is sent to the database server: declare @p1 dbo.MyTypeName insert into @p1 values(N'row1col1',N'row1col2') insert into...

4
голосов
3ответов
517 просмотров

Basic SQL Injections?

I was told in a previous question that my query is prone to SQL injections. get_stats = mysql_query("SELECT * FROM visitors WHERE site='$_GET[site]' AND date BETWEEN '$start_date' AND '$end_date' "); ...

1
голосов
3ответов
351 просмотров

Error when replacing words that contain quotes in mySQL

I have updated many records already, but when it came to a word that contains a quote I get this error: "ERROR: Unclosed quote @ 1357" I know why it's giving me this error, I just don't how to solve it. Here's a sample: UPDATE invnum SET cAccountName = replace(cAccountName,'JOHN'S','BEN') Than...

8
голосов
4ответов
3874 просмотров

SQL Injection Protection - Cast from string to int

We all know that parameterized SQL is the way to go when dealing with user input and dynamic SQL, but is casting from string to int (or double, or long, or whatever) as effective if the input you are seeking is numeric? I guess what I am asking is if this technique alone is infallible in regar...

1
голосов
4ответов
2008 просмотров

How to put double quotes in ADO.NET query?

I am trying to prevent any SQL injection in all my queries and would like to know how to put double quotes in this query. Thanks string.Format("SELECT TOP 10 article_guid, article_title FROM article WHERE article.article_isdeleted = 0 AND FRE...

3
голосов
7ответов
1033 просмотров

Is this stored procedure safe from sql injection?

This stored proc executes sql with parameters using sp_executesql. Is it safe from sql injection? create procedure ExecutePeopleFilter (@lastNameFilter varchar(20), @companyNameFilter varchar(20), @ageFilter int, @dateFilter datetime) as begin declare @sql varchar(4000) ...

3
голосов
2ответов
552 просмотров

Possible injection from date string Select query

I have a problem wich is a little strange. My page contains a html link which refreshes the page and calls a PHP variable. This variable appends a date string to the url string which is fed into a MySQL query, which grabs records matching this date. I think this is causing an injection as it some...

4
голосов
8ответов
2041 просмотров

What are some common SQL injection checks I can use?

I'm running through my web app and I'm trying to test various parts of the system to make sure they aren't succeptible to SQL injection. What are some common sql injection checks I can perform on textboxes/textareas, etc that would be good checks for vulnerability? I'm not worried about damagin...

0
голосов
3ответов
812 просмотров

GAE Datastore and security risks with JDOQL

I just started working on a project that will run on google app engine (GAE). I'm using java (wicket) with some ajax. I'm experienced with relational databases and typically use something like iBatis. When going through the docs and examples for the GAE datastore using JDO I see that they're e...

1
голосов
4ответов
2490 просмотров

SQL Server vs MySQL - SQL Injection Vulnerabilities in Classic ASP

Recently one of our client's websites fell prey to a SQL Injection attack due to a failure to sanitize query string parameters provided to the page. The vulnerable code has since been identified and is being corrected, but it got me wondering about some of the differences between how MySQL and SQ...

1
голосов
4ответов
1759 просмотров

Mysql change delimiter for better SQL INJECTION handling?

I am using mysql and trying to block unwanted queries injection of people who will try to use my single query to run several ones. ie, for example when i have the parameter "?id=3", people can try to run it with ="id=3;drop table users" Now, i know that the best way to avoid this is by parsing a...

42
голосов
4ответов
17118 просмотров

how safe are PDO prepared statements

Started using PDO prepared statements not too long ago, and, as i understand, it does all the escaping/security for you. for example, assuming $_POST['title'] is a form field. $title = $_POST['title']; $query = "insert into blog(userID, title) values (?, ?)" $st = $sql->prepare($query); $st-...

6
голосов
4ответов
13211 просмотров

How to fix Server Status Code: 302 Found by SQL Inject Me Firefox Addon

I scanned my login script using SQL Inject Me Firefox addon According to the Test Results, my script was vulnerable to SQL Injection. Result by example Results: Server Status Code: 302 Found Tested value: &#49&#39&#32&#79&#82&#32&#39&#49&#39&#61&#39&a...

3
голосов
1ответов
3194 просмотров

Injection Attacks against .NET DataView RowFilter

So I'm writing a handler that filters a cached DataTable based on the AppRelativeCurrentExecutionFilePath using the DataView RowFilter property. What's the best way to encode the input to prevent an injection attack? Is the following sufficient? Is there a better/more-elegant way? dataView.Ro...

5
голосов
7ответов
1969 просмотров

If my database user is read only, why do I need to worry about sql injection?

Can they (malicious users) describe tables and get vital information? What about if I lock down the user to specific tables? I'm not saying I want sql injection, but I wonder about old code we have that is susceptible but the db user is locked down. Thank you. EDIT: I understand what you are...

34
голосов
5ответов
5092 просмотров

How does SQL query parameterisation work?

I feel a little silly for asking this since I seem to be the only person in the world who doesn't get it, but here goes anyway. I'm going to use Python as an example. When I use raw SQL queries (I usually use ORMs) I use parameterisation, like this example using SQLite: Method A: username = "...

3
голосов
5ответов
724 просмотров

Using $_GET & $_POST

Maybe I'm doing something wrong right from the beginning, and if so I'll work on that too... I have a menu item that as part of the URL passes an Event ID#. In my specific case it takes the user to an information page for that Event. Then there is a button that lets them sign up for the Event....

4
голосов
6ответов
5752 просмотров

Preventing SQL injection without prepared statements (JDBC)

I have a database log appender that inserts a variable number of log lines into the database every once in a while. I'd like to create an SQL statement in a way that prevents SQL injection, but not using server-side prepared statements (because I have a variable number of rows in every select, c...

4
голосов
2ответов
1959 просмотров

ASP.NET / C# Equivalent of Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP)?

Microsoft Source Code Analyzer for SQL Injection (MSSCASI_ASP) is a static code analyzer for classic ASP VBScript code that can help identify pages that might have a sql injection vulnerability. That tool seems to only support vbscript ("The tool understands only ASP code that is written in VBSc...

0
голосов
3ответов
3817 просмотров

How to quote values for LuaSQL?

LuaSQL, which seems to be the canonical library for most SQL database systems in Lua, doesn't seem to have any facilities for quoting/escaping values in queries. I'm writing an application that uses SQLite as a backend, and I'd love to use an interface like the one specified by Python's DB-API: ...

38
голосов
4ответов
12668 просмотров

Does mysql_real_escape_string() FULLY protect against SQL injection?

On http://www.justinshattuck.com/2007/01/18/mysql-injection-cheat-sheet/?akst_action=share-this , there is a section that claims you can bypass mysql_real_escape_string with certain Asian character encodings Bypassing mysql_real_escape_string() with BIG5 or GBK "injection string" に関する追...

1
голосов
2ответов
811 просмотров

escape apostrophes in Linq based stored procedure calls when SP contains dynamic SQL

I noticed the following: An ASP.NET MVC website under development gets an SQL error "Unclosed quotation mark ..." when it makes a LINQ call to a stored procedure that contains dynamic SQL. For example: SP GetEmployees called with parameter [filter_name] that has value [n'for] throws this error...

1
голосов
3ответов
229 просмотров

How Secure is this MySQL statement in a PHP script?

How secure is this MySQL statement built in a PHP? Would it be vulnerable to an SQL injection? $sql = sprintf("INSERT IGNORE INTO my_table VALUES(%d, %d, 1, NOW())", mysql_escape_string($_SESSION['client']['id']), mysql_escape_string($_POST['id']));

0
голосов
7ответов
768 просмотров

Is this PHP/MySQL statement vulnerable to SQL injection?

Should be a simple question, I'm just not familiar with PHP syntax and I am wondering if the following code is safe from SQL injection attacks?: private function _getAllIngredients($animal = null, $type = null) { $ingredients = null; if($animal != null && $type != null) { ...