All Questions
28
questions
12
votes
1
answer
291
views
Safe dynamic SQL for generic search
Prompted by discussion about SQL injection, I wanted to put a proof of concept forward to get feedback about whether this is in fact safe and protected against SQL injection or other malicious use. ...
8
votes
2
answers
3k
views
Is my Java SQL connection secure from hackers?
I would like to know if my java db class is enough protected against hackers. (I'm currently developing an Android application). I protect it with a infos.properties file which contains every ...
7
votes
2
answers
1k
views
Preventing SQL injection by converting all characters to their ASCII values
In order to prevent SQL injection, I'm converting every character of a string to be inserted in the database into its ASCII value before performing the query. In order to read the value of the string ...
5
votes
2
answers
2k
views
Testing filtering of certain characters
I am a 3rd-year computer science undergraduate. One of my university lecturers has developed his own page for students to submit work. It came up that one student was accused of hacking (sic) by the ...
5
votes
1
answer
2k
views
SecureString as SqlParameter value without GC concerns
The purpose here is to make it easy to use sensitive data that is already in the form of a SecureString (example) without converting it to a ...
5
votes
1
answer
144
views
Storing and confirming user input
I am a beginner, and I'm trying to secure a sign-login system on my website. Is my code good/enough to prevent SQL injection?
THIS IS THE SIGN FILES
This is the index.php that takes user input:
...
5
votes
1
answer
158
views
System for inputting and monitoring worker shifts
I've been building a system for inputting and monitoring shifts for casual staff, who work across multiple sites with the ability to generate accounting information.
I've had some help from Stack ...
5
votes
2
answers
1k
views
Inserting users using PDO prepared statements
I made a small script to update fields in a database. I'm using PDO to connect to MySQL. All the business logic of PHP is in the top half of the file, and the form is at the bottom.
Here is the full ...
4
votes
2
answers
694
views
Is there a PHP security exploit with $_POST in my code?
I posted this question here.
And an answer stated that I should not do:
$table_name = 'survey_'.$_POST['surveyid'];
because
It is easy for a hacker to ...
4
votes
1
answer
110
views
T-SQL Secure String Comparison
The previous version of my function was scalar-valued and employed a WHILE loop to do the comparison, this is SLOW. This new version is tabled-valued and uses a typical tally table in place of the ...
4
votes
1
answer
219
views
SQL Server 'Execute As'/Revert pattern in a 'Try/Catch' Block
I wish to ensure I am using the "best" pattern when using an Execute As/Revert from within a Try/Catch block on SQL Server 2012. The below code "seems" to behave correctly... Am I missing anything or ...
3
votes
3
answers
2k
views
Simple CMS system
I'm working on a simple CMS with the intent of making it as secure as possible (a personal challenge) and the code as clean as possible. I think I've a long way to go so I would appreciate any input, ...
3
votes
2
answers
285
views
Database Model Security For Book Inventory
This code is one of the models developed for the Book Inventory application that is open for review. It is also based on a comment on this answer to a C# question. Based on the comment I did some ...
3
votes
2
answers
145
views
Inserting a name into a database table
I want to ask you if my PHP code is safe enough. I don't know if I should escape special characters in string after regex validation:
...
3
votes
1
answer
202
views
Increase security of sign up form code
Does my PHP look secure enough for a sign up form?
...