Questions tagged [sql-injection]
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).
sql-injection: 3,817 questions
-1 votes, 1 answer, 45 views
How to avoid sql injection warning for rails scope [closed]
I have written a scope on a model as below and called the Ruby class method 'display_link_query'
scope :data, -> { select("id,#{display_link_query} as display_link
.references( :...
0 votes, 1 answer, 66 views
Is ExecuteSqlRawAsync method with parameterized query in ASP .NET Core a proper way of preventing SQL injection attacks?
This is a parametrized query:
string sqlQuery = @"UPDATE MyTable
SET MyTableItemName = @newName
WHERE MyTableItemId = @id;";
await _context....
-2 votes, 0 answers, 27 views
Laravel The best approach to avoid SQL Injection [duplicate]
I have a query that is used to create a list of products. I pass it as a parameter to a function which, depending on the item that comes in the request, concatenates to create the query. What is the ...
-2 votes, 2 answers, 98 views
Is SQL string concatenation always bad?
At university, we learned, and I also read in many places, that you should NEVER concatenate SQL strings. Yes, I know it's because of SQL injection, and I am aware of that.
However, what if the string ...
0 votes, 0 answers, 66 views
SQL injection and resulting query of sp_executesql
I've developed a stored procedure that utilizes dynamic SQL to search for specific entities (this is a procedure for catch-all logic). Is this procedure prone to SQL injection, and how do I get the ...
0 votes, 1 answer, 75 views
How to avoid SQL content sent from HTML form being blocked by Cloudflare?
I have a POST form that includes a textarea for SQL content. Cloudflare will occasionally classify the content as a SQL Injection attempt and block the submission.
Is there a safe or proper way to ...
1 vote, 0 answers, 49 views
How to Enhance Security Against SQL Injection in PHP with PostgreSQL? [duplicate]
I've implemented a PHP script to handle form submissions and insert data into a PostgreSQL database. However, I'm concerned about the potential security vulnerabilities, particularly SQL injection. ...
1 vote, 0 answers, 48 views
Oracle 19c PL/SQL: Security Scan Finding - SQL Injection [duplicate]
I've done a search here on Stack Overflow and read through some posts that are similar regarding PL/SQL SQL injection prevention, but they didn't seem to match my question specifically. This post ...
1 vote, 1 answer, 94 views
How to prevent SQL injection in a Snowflake filter function
I'm using input from the user to query Snowflake within a DRF view. How do I prevent the possibility of SQL injection in the code below?
entity_id = kwargs['pk']
table = session.table("my_table").filter(...
0 votes, 0 answers, 50 views
SQL string construction in postgres using Python
I have this piece of code that I'm using to do insert/update in Postgres, but I'm not sure if my construction of the SQL string literal is susceptible to SQL injection. If it is, how may I re-write ...
-3 votes, 1 answer, 71 views
Parametrize table name in SQL query
I have a Python script executing a DB2 query as
select count(*) as num_rows from {table}
The value of {table} is read from a list of tables and I need to print out the count corresponding to each table. ...
1 vote, 1 answer, 87 views
Avoid SQL injection in an incoming query passed as an IN parameter
I have a procedure which will receive a query in an IN parameter. I'm running the incoming query inside a procedure, and the Checkmarx tool is detecting SQL injection in my_cursor.
How do I solve this?
I ...
1 vote, 0 answers, 65 views
Does Mongoose prevent NoSQL injections?
I know that similar questions about the prevention of NoSQL injections exist.
One example is this answer on the StackOverflow platform:
https://stackoverflow.com/a/63839225/14043571
The answer ...
0 votes, 1 answer, 65 views
What string can be used in JPQL order by to cause SQL injection?
Consider code similar to this:
String orderBy = getParameter("orderBy");
String orderDir = getOrderDir(); // returns "asc" or "desc"
String query = "select u from ...
1 vote, 2 answers, 128 views
How to sanitize a client query for the whereFullText Eloquent method in Laravel
I'm encountering an issue with whereFullText in Laravel. Here's my code:
$search_key = $args['q'] ?? $args['search_key'] ?? NULL;
$builder->when($search_key, function (Builder $builder, $search_key)...