All Questions
28
questions
2
votes
1
answer
170
views
Prevent Column Name Collision
I have been working on a series of posts about a library to connect to databases but most of the scenarios I have to resort to some "JOIN" the problem arose when two or more tables had some ...
5
votes
1
answer
144
views
Storing and confirming user input
I am a beginner, and I'm trying to secure a sign-login system on my website. Is my code good/enough to prevent SQL injection?
THIS IS THE SIGN FILES
This is the index.php that takes user input:
...
2
votes
2
answers
360
views
Secure file upload for PDF only
I am trying to create a secure file upload using PHP 7+ where I only allow PDF files. I found a lot of posts on this topic on different websites but couldn't find a complete solution that ensures that ...
12
votes
1
answer
291
views
Safe dynamic SQL for generic search
Prompted by discussion about SQL injection, I wanted to put a proof of concept forward to get feedback about whether this is in fact safe and protected against SQL injection or other malicious use. ...
3
votes
2
answers
285
views
Database Model Security For Book Inventory
This code is one of the models developed for the Book Inventory application that is open for review. It is also based on a comment on this answer to a C# question. Based on the comment I did some ...
5
votes
2
answers
1k
views
Inserting users using PDO prepared statements
I made a small script to update fields in a database. I'm using PDO to connect to MySQL. All the business logic of PHP is in the top half of the file, and the form is at the bottom.
Here is the full ...
0
votes
4
answers
126
views
How can I choose the right string with fewer lines and less repeating
First of all I know my code is highly vulnerable to SQL injections, but I wanted to code the base first. I have a feeling this can be done with fewer lines and less repeating. I'm sorry if it is ...
-4
votes
2
answers
630
views
Simple login page [closed]
Could anyone tell me if this code is well written and if it has bugs / vulnerabilities?
class.user.php:
...
3
votes
1
answer
252
views
Checkout process
I'm building a checkout process where I am quite frequently making SQL connections based on user input so this is quite important. I want to know if it's well-protected from any SQL injection or other ...
4
votes
1
answer
110
views
T-SQL Secure String Comparison
The previous version of my function was scalar-valued and employed a WHILE loop to do the comparison, this is SLOW. This new version is tabled-valued and uses a typical tally table in place of the ...
-2
votes
1
answer
87
views
Adding tables and values to a database
I am having problems with my code because I am using a system called styleci. Can you please check it? How can I make it better and more secure?
...
3
votes
0
answers
67
views
PL/pgSQL autologin token generation
Here's an excerpt from my migration script for my database for the new "remember me" login option for my web application.
Logging in with a valid username/password combination (authenticate_user) ...
3
votes
2
answers
145
views
Inserting a name into a database table
I want to ask you if my PHP code is safe enough. I don't know if I should escape special characters in string after regex validation:
...
5
votes
1
answer
2k
views
SecureString as SqlParameter value without GC concerns
The purpose here is to make it easy to use sensitive data that is already in the form of a SecureString (example) without converting it to a ...
7
votes
2
answers
1k
views
Preventing SQL injection by converting all characters to their ASCII values
In order to prevent SQL injection, I'm converting every character of a string to be inserted in the database into its ASCII value before performing the query. In order to read the value of the string ...
2
votes
1
answer
534
views
Securing a form with image uploads
I am using PDO prepared statements to store user entered input and store that input to the database. The code will store a text input and 5 uploaded images.
Will this code protect from data SQL ...
2
votes
2
answers
156
views
Social network message board website security
I have a script that contains functions from login in to posting status to friend request send and receive. Pretty much a social network script. Anyways i think my security is not up to date so if ...
8
votes
2
answers
3k
views
Is my Java SQL connection secure from hackers?
I would like to know if my java db class is enough protected against hackers. (I'm currently developing an Android application). I protect it with a infos.properties file which contains every ...
-1
votes
1
answer
129
views
Is this shopping site safe from SQL injection attacks? [closed]
Please verify security from SQL injection attacks.
homepage.php
...
4
votes
2
answers
694
views
Is there a PHP security exploit with $_POST in my code?
I posted this question here.
And an answer stated that I should not do:
$table_name = 'survey_'.$_POST['surveyid'];
because
It is easy for a hacker to ...
5
votes
1
answer
158
views
System for inputting and monitoring worker shifts
I've been building a system for inputting and monitoring shifts for casual staff, who work across multiple sites with the ability to generate accounting information.
I've had some help from Stack ...
3
votes
1
answer
202
views
Increase security of sign up form code
Does my PHP look secure enough for a sign up form?
...
2
votes
3
answers
279
views
Remove vulnerabilities from query on public website [closed]
I think that the following query is preventing against SQL injection, but what other measures do I need to take to ensure my queries are 100% safe from any malicious attacks?
...
3
votes
3
answers
2k
views
Simple CMS system
I'm working on a simple CMS with the intent of making it as secure as possible (a personal challenge) and the code as clean as possible. I think I've a long way to go so I would appreciate any input, ...
1
vote
1
answer
498
views
PHP/SQL session managment
I have this class that I've been working on for the past 2 or 3 days, now it's working I just want to know what you think about it, what other methods should I add, are the basic security checks ...
1
vote
1
answer
85
views
Is this a safe way of using HTTP query parameters to build a SQL query?
Is it? And maybe theres a better way to do this?
...
4
votes
1
answer
219
views
SQL Server 'Execute As'/Revert pattern in a 'Try/Catch' Block
I wish to ensure I am using the "best" pattern when using an Execute As/Revert from within a Try/Catch block on SQL Server 2012. The below code "seems" to behave correctly... Am I missing anything or ...
5
votes
2
answers
2k
views
Testing filtering of certain characters
I am a 3rd-year computer science undergraduate. One of my university lecturers has developed his own page for students to submit work. It came up that one student was accused of hacking (sic) by the ...