Questions tagged as 'sql-injection'

2
answers

How to damage a website using XSS / SQL injection?

I'm not a hacker, but I know some techniques. I'm training security and I was really thoughtful about it. Every time I inject a script, it is an alert(), nothing dangerous for the host (for example). I do not have a website, there is no wa...
asked by 21.06.2014 / 05:06
3
answers

Is using filter_var() enough to avoid SQL injection?

Is there a way to prevent the input variables in a query in MySQL using filter_var?
asked by 23.06.2016 / 15:26
2
answers

Does mysqli_real_escape_string prevent SQL injection?

According to the documentation, the function: Escapes special characters in a string for use in a SQL statement, taking into account the current character set of the connection. Then: Is there a possibility of SQL Injection even when us...
asked by 17.11.2017 / 13:54
1
answer

How to protect myself against "MongoInjection"

I use MongoDB in a front-end application that runs on Node.js through the Express framework. I would like to know how to create protections against MongoDB "injection" (similar to SQL injection).
asked by 27.02.2018 / 03:30
2
answers

Is it possible to manipulate SESSION variables to perform SQL Injection?

I am not a cyber attack specialist and I have a small question about the safety of my projects. Basically one of the ways I'm warned of SQL injections is by creating a "treatString()" function, for example, and all data coming in externally I...
asked by 24.07.2018 / 17:28
1
answer

Anti SQL Injection (I've tried everything but Havij still catches it)

Hello! I'm going through a lot of bugs, I've tried ALL the techniques I found on the internet that could prevent SQL Injection, and even then Havij can get my data. This is the code for the page that I'm doing the attack: $id = mysql_real_e...
asked by 11.07.2015 / 02:20
9
answers

How to prevent SQL injection in my PHP code?

I developed a page in PHP for internal use of the company I work with and only very few people use it. You can use this page to do some queries, insertions, changes and deletions of a table in a MySQL database, however I believe that my PHP code...
asked by 03.02.2014 / 13:37
1
answer

Why do they say that $_GET in PHP is insecure against SQL injection?

Well, my question is simple. I've lately been hearing many stories saying that $_GET in PHP is insecure against SQL injection. Could you tell me why? Thank you.
asked by 06.03.2017 / 23:47
1
answer

PHP Security Stored XSS and SQL Injection

Is there any security breach or possibility of attacks in the code snippet below? public static function prepareQuery($query, $params){ $preparedQuery = self::getConn()->prepare($query); foreach ($params as $key => $value...
asked by 13.04.2017 / 16:53
2
answers

How to avoid SQL Injection attack in this query?

In this case, I'm passing the WHERE through the variable $where. Can the system undergo SQL Injection? How do you avoid it in this case? For example: select nome from usuario where $where; $where = "cod = 10"; public static functio...
asked by 05.05.2015 / 17:31