Questions tagged as 'sql-injection'

1
answer

SQL Injection in Stored Procedures

SQL injection in stored procedures, especially when calling a procedure through PHP's PDO? DELIMITER // CREATE PROCEDURE procedureTeste( string VARCHAR(255) ) BEGIN SELECT * FROM produtos WHERE nome = string; END // DELIMITER ;...
asked by 01.03.2018 / 01:12
0
answers

Avoid SQL Injection in a Login Form

Good morning, I'm new to SQL injection security. I was always taught only to validate the inputs and then use them in the query, always with mysqli_query and mysqli_fetch_array. I have the following code to check whether the login is correct or no...
asked by 27.12.2017 / 09:53
1
answer

PHP security - avoid SQL Injection [duplicate]

Is it wrong or unsafe to use: if ($_SERVER['REQUEST_METHOD'] === 'POST') { foreach ($_POST as $key => $value) $$key = $value; ... } Let's say I have this code, but use a procedure call with prepare on the variables. Do I hav...
asked by 12.04.2017 / 15:59
9
answers

How to prevent SQL injection in my PHP code?

I developed a page in PHP for internal use at the company I work for, and only very few people use it. The page can be used to run some queries, insertions, updates and deletions on a table in a MySQL database; however, I believe that my PHP code...
asked by 03.02.2014 / 13:37
2
answers

How to avoid SQL Injection in my PHP application? [duplicate]

Explanation: Most PHP applications receive parameters through $_GET or $_POST, and these parameters often become an easy target for users with bad intentions; this is called SQL injection. Question: I would...
asked by 18.03.2014 / 21:52
2
answers

How to protect against a malicious entry through a select dropdown?

I have a form with some select options, for example: <select id="sel1" name="sel1"> <option disabled selected style="display: none">Titulo</option> <option value="op1">op1</option> <optio...
asked by 22.02.2017 / 14:38
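The following is an added example, not code from the question or its answers, showing the server-side handling that a select dropdown needs. The option list in the HTML is not a security control, since any client can POST an arbitrary value for sel1; the allow-list and the bound parameter below are what protect the query. The table, column and accepted option values are assumed, and an in-memory SQLite database is used through PDO so it runs without a MySQL server.

```php
<?php
// Added example (not from the original question). Table/column names and the
// accepted option values are assumptions made for the demonstration.

// Allow-list: the only values the server accepts for "sel1", mapped to the
// value that is actually used in the query.
const ALLOWED_OPTIONS = ['op1' => 'op1', 'op2' => 'op2', 'op3' => 'op3'];

function pickOption(array $post): ?string {
    // Strict lookup: no type juggling, no partial matches, null on anything else.
    $value = $post['sel1'] ?? null;
    if (!is_string($value) || !array_key_exists($value, ALLOWED_OPTIONS)) {
        return null;
    }
    return ALLOWED_OPTIONS[$value];
}

function findByOption(PDO $pdo, string $option): array {
    // Even an allow-listed value is bound, never concatenated into the SQL text.
    $stmt = $pdo->prepare("SELECT id, nome FROM produtos WHERE categoria = :cat");
    $stmt->execute([':cat' => $option]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE produtos (id INTEGER PRIMARY KEY, nome TEXT, categoria TEXT)");
$pdo->exec("INSERT INTO produtos VALUES (1, 'caneta', 'op1'), (2, 'caderno', 'op2')");

// Constructed requests: one legitimate, one with a tampered select value.
foreach ([['sel1' => 'op1'], ['sel1' => "op1' OR '1'='1"]] as $post) {
    $option = pickOption($post);
    if ($option === null) {
        echo "rejected: " . $post['sel1'] . "\n";
        continue;
    }
    echo "option $option: " . count(findByOption($pdo, $option)) . " row(s)\n";
}
```

The allow-list answers the question as asked (a tampered value never reaches the query), and binding the value anyway means the query stays safe even if the allow-list is later widened to values that contain quotes.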
1
answer

I want an example of why replacing ' with '' and \ with \\ in parameters to a query is dangerous

I see many posts on this subject, but I do not see any examples that fit my case. function sanitize($value) { $val = str_replace("'", "''", $value); $val = str_replace("\\", "\\\\", $val); return $val; } The query would be m...
asked by 25.07.2016 / 23:22
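As an added example, not code from the question or its answers, the script below runs the posted sanitize() against the same payload in three query shapes: a quoted string context (where escaping appears to work), a numeric context (where it does nothing), and a prepared statement. It uses an in-memory SQLite database through PDO so it runs without a MySQL server; the table and column names are assumed.

```php
<?php
// Added example (not from the original question). Table/column names are assumed.

function sanitize(string $value): string {
    // Same approach as the question: double single quotes and backslashes.
    // Doubling backslashes is a MySQL convention; SQLite treats \ as an ordinary
    // character, which does not affect the inputs used below.
    $val = str_replace("'", "''", $value);
    $val = str_replace("\\", "\\\\", $val);
    return $val;
}

function countRows(PDO $pdo, string $sql, array $params = []): int {
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return count($stmt->fetchAll(PDO::FETCH_ASSOC));
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE produtos (id INTEGER PRIMARY KEY, nome TEXT)");
$pdo->exec("INSERT INTO produtos VALUES (1, 'caneta'), (2, 'caderno'), (3, 'borracha')");

// 1. Quoted string context: the doubled quote keeps the constructed payload inside
//    the literal, so nothing matches. This is the case that makes sanitize() look
//    sufficient.
$nome = sanitize("caneta' OR '1'='1");
$n1 = countRows($pdo, "SELECT id FROM produtos WHERE nome = '$nome'");

// 2. Numeric context: the developer writes no quotes around $id, the constructed
//    payload contains none either, so sanitize() changes nothing and the OR is
//    parsed as SQL. Every row matches.
$id = sanitize("1 OR 1=1");
$n2 = countRows($pdo, "SELECT id FROM produtos WHERE id = $id");

// 3. The same payload as a bound parameter: it is compared as a value, never
//    parsed as SQL, regardless of quotes.
$n3 = countRows($pdo, "SELECT id FROM produtos WHERE id = :id", [':id' => "1 OR 1=1"]);

printf("quoted+escaped: %d rows, numeric+escaped: %d rows, prepared: %d rows\n", $n1, $n2, $n3);
```

The numeric case is the simplest failure of quote-doubling: escaping only matters inside a string literal, and the function has no way of knowing which context its output will land in. Escaping is also tied to the connection's character set, which is why the driver's own escaping function is preferred over a hand-written one, and prepared statements over both.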
2
answers

How to test for SQL injection

I want to do SQL injection testing. For this, I created a DB called person and a table called users. I am passing some SQL statements to test the SQL injection. It gives an error, but does not execute the query: database connection file: connect...
asked by 05.05.2016 / 16:33
2
answers

Error in a SQL syntax - mysqli_real_escape_string

I have a syntax error in my code, but I cannot find what is wrong. This is the error I'm getting: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '...
asked by 17.10.2015 / 05:25