Questions tagged [sql-injection]

SQL injection is a code injection technique used to attack data-driven applications: untrusted input is incorporated into a SQL statement in a way that lets the attacker alter the statement's structure and execute SQL of their own choosing (for example, to dump the database contents to the attacker).
0 votes · 0 answers · 22 views

prepare method with %s: SQL injection or not? [duplicate]

Is there an SQLi vulnerability in the code below? If the code doesn't use %s, that code can execute SQLi, but I don't know if the below code is safe or not: $query= $wpdb->query($wpdb->prepare("DELETE FROM {$...
Asked by Peter
-1 votes · 1 answer · 47 views

How to avoid SQL injection warning for Rails scope [closed]

I have written a scope on the model as below and called the Ruby class method 'display_link_query': scope :data, -> { select("id,#{display_link_query} as display_link .references( :...
Asked by Uday Magdum
0 votes · 1 answer · 72 views

Is the ExecuteSqlRawAsync method with a parameterized query in ASP.NET Core a proper way of preventing SQL injection attacks?

This is a parameterized query: string sqlQuery = @"UPDATE MyTable SET MyTableItemName = @newName WHERE MyTableItemId = @id;"; await _context....
Asked by StanSm789
-2 votes · 0 answers · 27 views

Laravel: the best approach to avoid SQL injection [duplicate]

I have a query that is used to create a list of products. I pass it as a parameter to a function that, depending on the item that comes in the request, concatenates to create the query. What is the ...
Asked by Edinho Rodrigues
-2 votes · 2 answers · 100 views

Is SQL string concatenation always bad?

At university we learned, and I also read in many places, that you should NEVER concatenate SQL strings. Yes, I know it's because of SQL injection, and I am aware of that. However, what if the string ...
Asked by Balint
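The two questions above (the ExecuteSqlRawAsync one and this one) are really asking the same thing: where does the boundary lie between structure and data? The following is an added example, not code from any post on this page, using Python's built-in sqlite3 driver with a constructed users table. It puts the concatenated query beside the parameterized one, feeds the same payload to both, and also shows the case the last question is getting at: concatenating developer-controlled fragments (a fixed table name, a fixed column list) while still binding the request value. All table, column and user names are made up for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from any post above).
SAMPLE_USERS = [
    (1, "alice", "admin"),
    (2, "bob", "user"),
    (3, "carol", "user"),
]


def make_db():
    """In-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_concat(conn, username):
    """VULNERABLE: the request value becomes part of the SQL text, so a quote
    character inside it closes the literal and the rest is parsed as SQL."""
    sql = "SELECT id, username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_param(conn, username):
    """SAFE: the value travels as a bind parameter. The statement text is fixed
    before the value is seen, so the value can only ever be compared as data."""
    sql = "SELECT id, username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Developer-controlled fragments (think: a table prefix or column list from
# application config, never from the request). Assumed names for the demo.
TABLE = "users"
COLUMNS = ["id", "username"]


def lookup_trusted_fragments(conn, username):
    """Concatenation that is fine: statement structure is assembled from fixed
    fragments in code, and the only request-derived value is still bound."""
    sql = f"SELECT {', '.join(COLUMNS)} FROM {TABLE} WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Classic tautology payload: turns `username = ''` into `username = '' OR '1'='1'`.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print(lookup_concat(conn, "alice"))            # one row, as intended
    print(lookup_concat(conn, PAYLOAD))            # every row: the WHERE clause is now a tautology
    print(lookup_param(conn, PAYLOAD))             # []: no user is literally named "' OR '1'='1"
    print(lookup_trusted_fragments(conn, "bob"))   # [(2, 'bob')]
```

The rule that follows from this is "never concatenate untrusted input into SQL", which is narrower than "never concatenate SQL strings": fragments the code itself owns can be joined freely, as long as every value that originates outside the process goes through a parameter.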
0 votes · 0 answers · 66 views

SQL injection and resulting query of sp_executesql

I've developed a stored procedure that utilizes dynamic SQL to search for specific entities (this is a procedure for catch-all logic). Is this procedure prone to SQL injection, and how do I get the ...
Asked by lifeisajourney
0 votes · 1 answer · 82 views

How to avoid SQL content sent from HTML form being blocked by Cloudflare?

I have a POST form that includes a textarea for SQL content. Cloudflare will occasionally classify the content as a SQL Injection attempt and block the submission. Is there a safe or proper way to ...
Asked by Joel Cochran
1 vote · 0 answers · 49 views

How to Enhance Security Against SQL Injection in PHP with PostgreSQL? [duplicate]

I've implemented a PHP script to handle form submissions and insert data into a PostgreSQL database. However, I'm concerned about the potential security vulnerabilities, particularly SQL injection. ...
Asked by Joey Cadieux
0 votes · 0 answers · 52 views

Oracle 19c PL/SQL: Security Scan Finding - SQL Injection [duplicate]

I've done a search here on Stack Overflow and read through some posts that are similar regarding PL/SQL SQL injection prevention, but they didn't seem to match my question specifically. This post ...
Asked by McRivers
1 vote · 1 answer · 99 views

How to prevent SQL injection in Snowflake filter function

I'm using input from the user to query Snowflake within a DRF view; how do I prevent the possibility of SQL injection in the code below? entity_id = kwargs['pk'] table = session.table("my_table").filter(...
Asked by LiorA
0 votes · 0 answers · 50 views

SQL string construction in Postgres using Python

I have this piece of code that I'm using to do insert/update in Postgres, but I'm not sure if my construction of the SQL string literal is susceptible to SQL injection. If it is, how may I re-write ...
Asked by hello
-3 votes · 1 answer · 73 views

Parametrize table name in SQL query

I have a Python script executing a DB2 query as select count(*) as num_rows from {table}. The value of {table} is read from a list of tables and I need to print out the count corresponding to each table. ...
Asked by Muradin
1 vote · 1 answer · 89 views

Avoid SQL injection in an incoming query passed as an IN parameter

I have a procedure which will receive a query in an IN parameter. I'm running the incoming query inside the procedure, and the Checkmarx tool is detecting SQL injection in my_cursor. How do I solve this? I ...
Asked by Tamil Mani
1 vote · 0 answers · 69 views

Does Mongoose prevent NoSQL injections?

I know that similar questions about the prevention of NoSQL injections exist. One example is this answer on the StackOverflow platform: https://stackoverflow.com/a/63839225/14043571 The answer ...
Asked by Ronald
0 votes · 1 answer · 66 views

What string can be used in JPQL order by to cause SQL injection?

Consider code similar to this: String orderBy = getParameter("orderBy"); String orderDir = getOrderDir(); // returns "asc" or "desc" String query = "select u from ...
Asked by Macok
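Three of the questions above share one problem: a table name (the DB2 `{table}` question and the WordPress `DELETE FROM {$...` one) or an ORDER BY column (this JPQL question) has to land in the statement, and bind parameters cannot carry identifiers. The following is an added example, not code from any post on this page, again using Python's sqlite3 with a constructed users table. It goes further than the JPQL question asks by actually carrying an ORDER BY attack through: the injected expression makes row order depend on a condition, which turns the sort into a one-bit oracle that extracts a secret character by character, with no error message and no quote needed. The hardened side checks identifiers against the database catalogue and quotes them before splicing. Table, column and user names, and the `api_key` secret, are all made up for the demonstration.

```python
import sqlite3
import string

# Constructed sample data for the demonstration (not from any post above).
SAMPLE_USERS = [
    (1, "alice", "k3y-alice"),
    (2, "bob", "s3cret-bob"),
]


def make_db():
    """In-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, api_key TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


# ---------- vulnerable side: ORDER BY as a blind oracle ----------

def list_users_unsafe(conn, order_by):
    """VULNERABLE: the column name cannot be bound, so the request value is
    interpolated into the ORDER BY clause as-is."""
    return conn.execute(f"SELECT id, name FROM users ORDER BY {order_by}").fetchall()


def order_by_payload(guess):
    """An ORDER BY *expression* (no quote needed to break out): sorts by id when
    user 1's api_key starts with `guess`, and by -id otherwise. Row order is the leak."""
    guess = guess.replace("'", "''")   # keep the probe itself well-formed
    return (f"(CASE WHEN (SELECT substr(api_key, 1, 1) FROM users WHERE id = 1) = '{guess}' "
            f"THEN id ELSE -id END)")


def leak_first_key_char(conn):
    """Blind extraction: try each candidate and read the answer from which row comes first."""
    for ch in string.ascii_lowercase + string.digits:
        rows = list_users_unsafe(conn, order_by_payload(ch))
        if rows[0][1] == "alice":      # CASE was true: sorted by id ascending
            return ch
    return None


# ---------- hardened side: identifiers allow-listed against the catalogue ----------

def quote_ident(name):
    """Double-quote an identifier so it is parsed as a name, never as an expression."""
    return '"' + name.replace('"', '""') + '"'


def catalog_tables(conn):
    return {r[0] for r in conn.execute("SELECT name FROM sqlite_master WHERE type = 'table'")}


def catalog_columns(conn, table):
    if table not in catalog_tables(conn):
        raise ValueError(f"unknown table: {table!r}")
    return {r[1] for r in conn.execute(f"PRAGMA table_info({quote_ident(table)})")}


def count_rows(conn, table):
    """The table-name question: the name is checked against the catalogue and
    quoted before it is spliced into the statement text."""
    if table not in catalog_tables(conn):
        raise ValueError(f"unknown table: {table!r}")
    return conn.execute(f"SELECT count(*) AS num_rows FROM {quote_ident(table)}").fetchone()[0]


def list_users_safe(conn, order_by, direction="asc"):
    """The ORDER BY question: column must be a real column of the table,
    direction must be one of two fixed keywords."""
    if order_by not in catalog_columns(conn, "users"):
        raise ValueError(f"unknown column: {order_by!r}")
    if direction.lower() not in ("asc", "desc"):
        raise ValueError(f"bad direction: {direction!r}")
    sql = f"SELECT id, name FROM users ORDER BY {quote_ident(order_by)} {direction.upper()}"
    return conn.execute(sql).fetchall()


if __name__ == "__main__":
    conn = make_db()
    print(leak_first_key_char(conn))                # 'k': recovered from row order alone
    print(count_rows(conn, "users"))                # 2
    print(list_users_safe(conn, "name", "desc"))    # [(2, 'bob'), (1, 'alice')]
    try:
        list_users_safe(conn, order_by_payload("k"))
    except ValueError as exc:
        print("rejected:", exc)
```

The same pattern applies to the DB2 and WordPress cases: keep the list of permitted tables in code or read it from the catalogue, reject anything not in it, and quote what survives with the database's own identifier quoting (double quotes for DB2 and PostgreSQL, backticks for MySQL). The quoting is a second line of defence against odd names; the allow-list is what actually stops the injection.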
