Coffee on the Keyboard
Tagged: injection (a collection of 2 posts)

django

Injections, SQL and otherwise - Basic Security Part 4

NB: This is the fourth post in a series of posts on web application security. SQL Injection: SQL injection is a vector that lets a user insert their own SQL into a statement sent to your database server. The typical example is: 1. "SELECT * FROM users WHERE username = '" + username + "' AND

James Socol Jul 20, 2012 • 1 min read
attack

Responsible SQL: How to Authenticate Users

Most SQL-injection articles set a horrible example for young programmers. Here is a very typical "bad example" of why you need to escape user data before it goes into SQL queries: (ed. The symbol « is a line break that's not in the real code.) 1. $username = $_POST['username']; // username=

James Socol Nov 9, 2008 • 4 min read
Coffee on the Keyboard © 2022