Questions tagged as 'sql-injection'

9
answers

How to prevent SQL injection in my PHP code?

I developed a page in PHP for internal use of the company I work with and only very few people use it. You can use this page to do some queries, insertions, changes and deletions of a table in a MySQL database, however I believe that my PHP code...
asked by 03.02.2014 / 13:37
3
answers

Why do parameterized SQL queries (name = ?) prevent SQL Injection?

Why do parameterized SQL queries ( nome = ? ) prevent SQL Injection? Can you cite examples?
asked by 12.05.2015 / 13:24
3
answers

I am suffering from SQL Injection attacks

Since I opened an online project I'm having problems with trespassing, where someone is doing direct inserts in the database. It was the one that gave me initiative to by in all the variables received through the method $_GET and $_POS...
asked by 12.12.2015 / 12:36
2
answers

What is the question mark in a query?

Does use of ? in a query really prevent SQL injection? Avoid 100%? I saw this code and I heard lots of people talking about it, saying it helps in this case and how to use it? Could someone give a better example? $query = "SELECT * FROM tabel...
asked by 26.06.2014 / 23:18
2
answers

Is it better to parameterize your PreparedStatement even if the value is fixed?

I always read the blog Java Revisited and I was reading the article today Why use PreparedStatement in Java JDBC - Example Tutorial. At one point the author talks about parameterization of queries, it is better, safer and more performative to...
asked by 14.02.2014 / 19:25
2
answers

How does a SQL Injection happen?

Why does creating parameters for each field that will be updated help prevent SQL Injection? Example: SqlCommand comm = new SqlCommand("UPDATE Contatos Set Telefone = @Telefone, " + "Cidade = @Cidade, " +...
asked by 27.11.2015 / 16:23
2
answers

Block javascript and sql-injection attack on the same string

I'm receiving data from a form in php via get. I am handling the information as follows: $search = mysql_real_escape_string(htmlspecialchars($_GET["t"], ENT_QUOTES, 'UTF-8')); With this I intend to block attacks by javascript and sql-inj...
asked by 12.04.2014 / 18:13
2
answers

How to detect intrusion attempts? [duplicate]

In order to protect against SQL injection, I need to devise a function that eliminates the possibility of someone trying to act in bad faith. The question is, does mysqli bring with it any functionality to help counter this? In addit...
asked by 20.10.2015 / 07:20
2
answers

Explain in a simpler way what these attacks are?

I'd like to know in a simpler way what these types of attacks are. Keylogger Brute force attack Rubber Hose Cryptanalysis Sql injection And please, if you can go deeper into the subject, you could tell me a simple example of how to...
asked by 23.05.2016 / 21:16
1
answer

Why do they say that $_GET in PHP is insecure against sql injection?

Well, my question is simple. I've been lately hearing many stories saying that $_GET in PHP is insecure against sql injection. Could you tell me why? Thank you.
asked by 06.03.2017 / 23:47