PerlMonks  

Re^2: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

by erik (Sexton)
on Jan 10, 2008 at 11:14 UTC


in reply to Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
in thread Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

You said that "Most hackers use an up-to-date bundle of tricks, typically already in a script, to try to cause harm...and don't bother hand hacking". I didn't have much success looking that up in Google. Do you have any suggestion on resources/modules providing test cases of SQL injection or any other type of security threat? Such a module would be great for testing code safety or query safety.

BTW, when/if possible, it always seems safer to me to check inputs in a "white list" fashion. If you check that inputs contain only letters, numbers and underscores and don't exceed a certain length, that would probably increase security by a great deal.
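
The allow-list check suggested above, combined with the placeholders the thread title refers to, as an added example that is not part of the original post. The 32-character limit, the `users` table and the sample rows are assumptions, and it needs DBI with DBD::SQLite installed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Allow-list: ASCII letters, digits and underscore only, 1 to 32 characters.
# \A and \z anchor the whole string; with ^...$ the value "alice\n" would
# pass, because $ also matches before a trailing newline. The explicit
# character class is used instead of \w, which can match non-ASCII letters.
# The 32-character limit is an assumed value for this example.
sub valid_name {
    my ($input) = @_;
    return defined $input && $input =~ /\A[A-Za-z0-9_]{1,32}\z/;
}

# In-memory SQLite database with constructed sample rows.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
$dbh->do('CREATE TABLE users (name TEXT PRIMARY KEY, email TEXT)');
$dbh->do('INSERT INTO users (name, email) VALUES (?, ?)', undef, @$_)
    for ['alice', 'alice@example.com'], ['bob_2', 'bob@example.com'];

# The query text is fixed. The value is always passed as a bound parameter;
# the allow-list is an extra check in front of it, not a replacement for it.
my $sth = $dbh->prepare('SELECT email FROM users WHERE name = ?');

sub lookup_email {
    my ($name) = @_;
    return unless valid_name($name);    # reject before touching the database
    $sth->execute($name);
    my ($email) = $sth->fetchrow_array;
    $sth->finish;
    return $email;
}

# Constructed inputs: two well-formed names and four the allow-list rejects
# (trailing newline, quote characters, over-long value, empty string).
for my $input ('alice', 'bob_2', "alice\n", "x' OR '1'='1", 'a' x 33, '') {
    (my $shown = $input) =~ s/\n/\\n/g;
    my $email = lookup_email($input);
    printf "%-16s %-9s %s\n", "[$shown]",
        valid_name($input) ? 'accepted' : 'rejected', $email // '-';
}
```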
Re^3: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
by andreas1234567 (Vicar) on Jan 10, 2008 at 19:36 UTC
