PerlMonks  

Re^2: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

by erik (Sexton)
on Jan 10, 2008 at 11:14 UTC (#661601)


in reply to Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
in thread Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite

You said that "Most hackers use an up-to-date bundle of tricks, typically already in a script, to try to cause harm... and don't bother hand hacking." I didn't have much success looking that up in Google. Do you have any suggestion on resources/modules providing test cases of SQL injection or any other type of security threat? Such a module would be great for testing code safety or query safety.

BTW, when/if possible, it always seems safer to me to check inputs in a "white list" fashion. If you check that inputs contain only letters, numbers and underscores and don't exceed a certain length, that would probably increase security by a great deal.
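The kind of test harness the post is asking for, as an added example that is not code from the original thread or from any PerlMonks author: it runs a handful of classic injection strings through a string-interpolated DBI query and through the same query with a `?` placeholder, and also applies the letters/digits/underscore allow-list check the post suggests. It assumes DBD::SQLite is installed (an in-memory database, so nothing is touched on disk); the table, rows and payload strings are constructed for the example.

```perl
#!/usr/bin/perl
# Added example (not from the original thread): contrasts string-interpolated
# SQL with DBI placeholders, and shows an allow-list ("white list") check as a
# second layer. Uses an in-memory SQLite database via DBD::SQLite.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Constructed sample data.
$dbh->do('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)');
my $ins = $dbh->prepare('INSERT INTO users (name, secret) VALUES (?, ?)');
$ins->execute(@$_) for ['alice', 'alice-secret'], ['bob', 'bob-secret'];

# Vulnerable: the user-supplied value is interpolated into the SQL text,
# so quotes and comment markers in it change the statement's meaning.
sub lookup_interpolated {
    my ($dbh, $name) = @_;
    my $sql = "SELECT id, name FROM users WHERE name = '$name'";
    # A malformed payload would die under RaiseError; treat that as "no rows".
    return eval { $dbh->selectall_arrayref($sql) } || [];
}

# Safe: the value is sent as a bound parameter and is never parsed as SQL.
sub lookup_placeholder {
    my ($dbh, $name) = @_;
    my $sql = 'SELECT id, name FROM users WHERE name = ?';
    return $dbh->selectall_arrayref($sql, undef, $name);
}

# Allow-list check as described in the post: ASCII letters, digits and
# underscore only, with a length bound. Note it also rejects legitimate
# values such as "O'Brien", so it only fits fields that really are that narrow.
sub valid_identifier {
    my ($s) = @_;
    return defined $s && $s =~ /\A[A-Za-z0-9_]{1,32}\z/;
}

# Constructed test inputs: one legitimate value, then a tautology,
# a comment-truncation payload and a UNION payload.
my @inputs = (
    "alice",
    "' OR '1'='1",
    "alice'--",
    "' UNION SELECT id, secret FROM users--",
);

for my $in (@inputs) {
    my $interp = lookup_interpolated($dbh, $in);
    my $bound  = lookup_placeholder($dbh, $in);
    printf "%-42s allow-list=%-4s interpolated=%d row(s) placeholder=%d row(s)\n",
        "'$in'", (valid_identifier($in) ? 'ok' : 'FAIL'),
        scalar(@$interp), scalar(@$bound);
    print "    leaked via interpolation: @$_\n" for @$interp;
}
```

Run it with `perl sqli_placeholders.pl`. The interpolated query returns every row for the tautology, alice's row for the comment payload and the `secret` column for the UNION payload, while the placeholder version returns zero rows for all three (no user is literally named `' OR '1'='1`) and exactly one row for `alice`. The allow-list flags all three payloads, which is why it is a useful second layer, but it is not a substitute for binding: the payloads fail because of the quote character, and an allow-list that loose enough to accept real-world names would let that character through. Where it does earn its place is input that ends up somewhere a placeholder cannot bind, such as a column name in an ORDER BY.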

Re^3: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
by andreas1234567 (Vicar) on Jan 10, 2008 at 19:36 UTC
