Saturday, 8 December 2018

SQL INJECTIONS

Common prevention against SQL Injections
How it works
SQL injection is a code injection technique that might destroy your database. SQL injection is one of the most common web hacking techniques. SQL injection is the placement of malicious code in SQL statements, via web page input. 
SELECT * FROM Users WHERE UserId = 105 OR 1=1;

Preventions
  1. Escape special characters before executing SQL queries
  2. PHP users: use PHP PDO, as it sends data and SQL instructions separately
Sources
https://www.w3schools.com/sql/sql_injection.asp
Posted by at
Labels:

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)