All Questions (28 questions)
Prevent Column Name Collision (2 votes, 1 answer, 170 views)
I have been working on a series of posts about a library to connect to databases but most of the scenarios I have to resort to some "JOIN" the problem arose when two or more tables had some ...
Storing and confirming user input (5 votes, 1 answer, 143 views)
I am a beginner, and I'm trying to secure a sign-login system on my website. Is my code good/enough to prevent SQL injection?
THESE ARE THE SIGN FILES
This is the index.php that takes user input:
...
Secure file upload for PDF only (2 votes, 2 answers, 360 views)
I am trying to create a secure file upload using PHP 7+ where I only allow PDF files. I found a lot of posts on this topic on different websites but couldn't find a complete solution that ensures that ...
Safe dynamic SQL for generic search (12 votes, 1 answer, 290 views)
Prompted by discussion about SQL injection, I wanted to put a proof of concept forward to get feedback about whether this is in fact safe and protected against SQL injection or other malicious use. ...
Database Model Security For Book Inventory (3 votes, 2 answers, 283 views)
This code is one of the models developed for the Book Inventory application that is open for review. It is also based on a comment on this answer to a C# question. Based on the comment I did some ...
Inserting users using PDO prepared statements (5 votes, 2 answers, 1k views)
I made a small script to update fields in a database. I'm using PDO to connect to MySQL. All the business logic of PHP is in the top half of the file, and the form is at the bottom.
Here is the full ...
How can I choose the right string with fewer lines and less repeating (0 votes, 4 answers, 126 views)
First of all I know my code is highly vulnerable to SQL injections, but I wanted to code the base first. I have a feeling this can be done with fewer lines and less repeating. I'm sorry if it is ...
Simple login page [closed] (-4 votes, 2 answers, 630 views)
Could anyone tell me if this code is well written and if it has bugs / vulnerabilities?
class.user.php:
...
Checkout process (3 votes, 1 answer, 252 views)
I'm building a checkout process where I am quite frequently making SQL connections based on user input so this is quite important. I want to know if it's well-protected from any SQL injection or other ...
T-SQL Secure String Comparison (4 votes, 1 answer, 110 views)
The previous version of my function was scalar-valued and employed a WHILE loop to do the comparison; this is SLOW. This new version is table-valued and uses a typical tally table in place of the ...
Adding tables and values to a database (-2 votes, 1 answer, 87 views)
I am having problems with my code because I am using a system called styleci. Can you please check it? How can I make it better and more secure?
...
PL/pgSQL autologin token generation (3 votes, 0 answers, 67 views)
Here's an excerpt from my migration script for my database for the new "remember me" login option for my web application.
Logging in with a valid username/password combination (authenticate_user) ...
Inserting a name into a database table (3 votes, 2 answers, 145 views)
I want to ask you if my PHP code is safe enough. I don't know if I should escape special characters in a string after regex validation:
...
SecureString as SqlParameter value without GC concerns (5 votes, 1 answer, 2k views)
The purpose here is to make it easy to use sensitive data that is already in the form of a SecureString (example) without converting it to a ...
Preventing SQL injection by converting all characters to their ASCII values (7 votes, 2 answers, 1k views)
In order to prevent SQL injection, I'm converting every character of a string to be inserted in the database into its ASCII value before performing the query. In order to read the value of the string ...