Questions tagged [sql-injection]
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
83 questions
0
votes
1
answer
103
views
PHP login codes suggestions
Now I have fully functional PHP code for login and registration. I was wondering if anyone could offer improvements to the code
The code:
Config.php:
...
0
votes
1
answer
213
views
Follow up to Validation Script in PHP
So I've implemented the suggestions in Original question
And now my code looks like this:
...
-3
votes
1
answer
125
views
Preventing PHP SQL injection on login [closed]
I had a login code like this:
...
-1
votes
2
answers
160
views
My Script Inserts users into a database and hashes the password, I need to know how to prevent SQL injection with Procedural-Oriented MySQLi [closed]
My script works but I just want to know how I can protect myself from SQL injection with Procedural Oriented MySQLi. Most of the tutorials are about Object-Oriented MySQLi and I'm not familiar with it ...
0
votes
1
answer
816
views
Receiving an XSS Injection: <script>alert('xssvuln');</script>
I would very much appreciate it if someone could review the php script below for any security risks.
I have a live website using shared hosting. There's a page that accepts text submissions from users....
3
votes
1
answer
733
views
Sanitizing user form input in php
Security threats in mind:
SQL Injections!!! --- Solutions: Prepared Statements (PDO) and including
$bpdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false); in ...
3
votes
3
answers
376
views
Email Validation in PHP
Is this script sufficient enough to validate user email input?
...
3
votes
1
answer
855
views
Does PDO::quote help to protect me against SQL injection?
I have to process raw sql user input with Laravel. I've backed them up as follows:
...
2
votes
1
answer
198
views
Does this PDO process look protected from SQL injection?
Does this process look protected from SQL injection attacks?
Is there something I could possibly change to make it more protected?
...
4
votes
1
answer
107
views
Displaying a user's uploaded posts
I'm working on prepared statements for my website and I'm wondering if it's possible to have multiple prepared statements one after another. In this example, I have 2 select statements. I'm hoping ...
12
votes
1
answer
338
views
Safe dynamic SQL for generic search
Prompted by discussion about SQL injection, I wanted to put a proof of concept forward to get feedback about whether this is in fact safe and protected against SQL injection or other malicious use. ...
1
vote
1
answer
602
views
PHP MySQLi Prepared Statements: Can this select query be hacked/injected?
I want to know: can this be hacked/injected?
...
3
votes
2
answers
348
views
Database Model Security For Book Inventory
This code is one of the models developed for the Book Inventory application that is open for review. It is also based on a comment on this answer to a C# question. Based on the comment I did some ...
1
vote
1
answer
105
views
PHP code for search page
Want to show you part of code that I wrote to process search request. User commit search by articles (codes) of products. The goal is to allow user write his search request to textarea element in any ...
3
votes
1
answer
2k
views
PHP code to insert phone number and IP address into a table if not already present
I am currently coding a PHP script that connects to a database and inserts a phone number and IP address if either item is not present in the table. I believe I have completed it and it is working but ...
3
votes
4
answers
2k
views
storing data about available RPG games
I have been developing a little, private Blog Site to make notes/ stories of pen and paper RPG games available for my players and me.
This is my first project. As I am new to coding in PHP and MySQL I'...
2
votes
2
answers
164
views
3
votes
1
answer
102
views
Showing all records on a webpage
I have a connection with my database to show all my records on a webpage, and I'm not sure if this code is safe:
...
6
votes
1
answer
2k
views
PHP login script
I'm hoping someone would be able to identify if my code is prone to SQL injections, and just overall see if there is anything that could be done better.
This is also my first time using MySQLi ...
0
votes
1
answer
2k
views
Mysql flexible insert record with bind_param or bind_value
I want to insert rows in a database table with the precaution of SQL-injection. I'm using below flexible MySQL insert function, which enters a record in a given table. Is this the best approach or is ...
0
votes
1
answer
229
views
PHP & MySQLi Login Script - Is it safe from Injection?
I've been geeking up on MySQLi prepared statements to avoid potential SQL injection and I have managed to modify my legacy code (previously just using mysqli_real_escape_string).
I am looking for ...
3
votes
2
answers
219
views
User authentication SQL injection [closed]
Is this authentication mechanism vulnerable to SQL injection?
If so, how could one exploit it, and what is the most effective way to mitigate this?
...
0
votes
1
answer
89
views
Checking whether a user is on the donors list
I was wondering if I could please get some justification if the PHP code I wrote using Mysqli prepared statements would be able to withstand SQL injection attacks.
I have one field that gets a value ...
0
votes
1
answer
100
views
Link shortening script
I wrote this script for a link shortener just for fun.
Is it safe, or is it very easy to inject SQL or have other security shortcomings? Also, do you have any tips against MySQL injection?
I don't know ...
1
vote
1
answer
170
views
Prepared statements in PHP
I just heard of prepared statement in PHP and decided to prevent SQL injection with it and wrote a script testing it.
I would like to know what security threats this script can prevent, what security ...
2
votes
2
answers
269
views
Email subscription queries for a PHP website
Is this code resistant against injection? I already used 'real-escape-string' but I don't know if this good enough. As you see I replaced my personal info. And the code does work. I'm building this ...
-1
votes
1
answer
170
views
Searching for topic categories using mysqli [closed]
Is this code safe from injection, XSS and whole other attacks or not?
The below code is for the search box:
...
2
votes
1
answer
353
views
Registering users bank account and logging in securely
I wrote a PHP script to register a user's bank account and I've tried to make the login as secure as possible, but I wonder if there are any flaws and if it's free from XSS attacks and SQL injection ...
2
votes
3
answers
3k
views
Booking appointments with MySQLi and PHP
The following code books one appointment for one or more slots. I have never used database before, but have seen so many warnings regarding SQL injections. Since it has never affected me I have not ...
3
votes
1
answer
4k
views
Function for inserting data into database
I have this function to ease out the task of inserting data into databases.
I am not very sure if it is secure to use it this way.
Any suggestions on improving it?
...
12
votes
4
answers
5k
views
Inserting robot moves into an SQLite3 database
I'm just wondering if you would consider this to be safe from SQL injection.
A peculiarity of my program is I need to dynamically access table names depending on my scenario.
This is not for ...
5
votes
2
answers
3k
views
Inserting a record into MySQL with a timestamp
I'm starting with PHP so I can save data to a MySQL database. I read a lot and it seems the "escape" strings is not so safe.
This is my code:
...
2
votes
1
answer
174
views
Inserting a record into a MySQL table using PDO
Already many days I'm documenting about the SQL Injection. I was wondering if the code I wrote is vulnerable in some of its parts.
...
1
vote
2
answers
184
views
Security concern for SQL Injections/XSS
This question is everywhere, and I looked at many answers. A lot suggest using mysql_real_escape_string but that isn't an option, since it's deprecated now.
...
2
votes
2
answers
1k
views
PHP Dynamic QueryBuilder function - Security
This function is a working function, which builds a number of queries depending on the values of $_POST.
...
4
votes
1
answer
133
views
Possibility of SQL Injection
I am requesting a review of a portion of 600 lines of code. This portion of the code processes a filter that is farther down the page. It takes in the parameters and formats them into a query. Now I ...
1
vote
1
answer
249
views
Product inventory database
I just finished writing a program which works with a database. Throughout the process when working with people to get past some of the hurdles I faced I was ridiculed for my SQL statements. I have ...
3
votes
1
answer
177
views
Stored procedure to query custom data tables as dynamic SQL
There's a lot going on here, but the background for why this is necessary is that there is a set schema, or 'core' set of tables that are prefixed with 'bu', and any core table can have a custom table ...
10
votes
3
answers
1k
views
Inserting OAuth data into a database
I am totally new to PHP. I just wrote a PHP script for google oauth to pull the data and insert into my database. I don't know if my code is vulnerable to SQL injection. Should I have used prepared ...
0
votes
1
answer
181
views
Improving PHP Security of Login
One of my github issues is below. I am having some problems with my security, is there anything that I should or need to improve. Here is an example of code that I use, but throughout the script there ...
1
vote
2
answers
220
views
Validating users with MySQL
One of my friends told me that my validate.php file has some problems with SQL injections. Please feel free to commit it on GitHub.
...
3
votes
2
answers
160
views
Read and display data from MySQL table
Is there any security threat here?
...
3
votes
2
answers
1k
views
Increase view counter with each page view
My question is similar to before, but now the code has changed completely. I would like to understand if this code is vulnerable to mysql injection.
...
-2
votes
2
answers
152
views
Authentication check in index.php file
I am aware that this code is vulnerable for SQL injections, but I don't know how to avoid it.
...
6
votes
1
answer
405
views
mysql_safe_query()
I have been thinking of a sql-injection free implementation in dynamic languages. Here's what I came with. All the code was written just for fun and learning purposes.
I would like to share it and ...
5
votes
1
answer
376
views
Validating user supplied input
I was assigned a task to fix the SQL injection flaw reported by a code analysis tool. I am not the original author of the code. I am fairly knowledgeable with SQL.
...
3
votes
1
answer
480
views
Secure login system
The assignment is to create a login system secured for SQL injections and XSS.
It's in PHP and I'm using PDO with prepared statements obviously. Which from my point of view should protect against the ...
2
votes
3
answers
6k
views
A very secure procedural MySQLI login script against injections
I know there are other ways to create a login script like Object Oriented, Prepared Statements and PDO, but how about those old MySQL PHP users like me trying to change from old style to the new ways? ...
5
votes
1
answer
948
views
For a login portal, what security measures are needed to prevent unauthorized access?
I'm designing a login portal that has one angularjs page that displays/processes data queried from a database. I'm relying on a few php pages (a loginpage.php [verifies credentials/loads session ...
1
vote
1
answer
136
views
Populate the database with new tweet data from the json_cache table
I'm really a newbie with code, and I wish to prepare all my statements to avoid SQL injection. I have searched a lot on the internet, but this wrapper/API doesn't look anything like the examples given....