10 Replies - 3272 Views - Last Post: 07 November 2012 - 07:12 PM

#1 BarNunBoi

Question: What is the best way to prevent SQL Injections!?

Posted 06 June 2012 - 08:00 AM

I just have a quick question...what is the best way to defend against or prevent SQL Injections??
Replies To: Question: What is the best way to prevent SQL Injections!?

#2 jon.kiparsky

Posted 06 June 2012 - 08:04 AM

Take your SQL in pill form.

/rimshot

#3 macosxnerd101

Posted 06 June 2012 - 02:17 PM

You can use Prepared Statements.

#4 e_i_pi

Posted 06 June 2012 - 04:10 PM

Lol, +1

Here are some tutorials on DIC by Dormilich that sugar-coat the experience for you. As much as Dormilich sugar-coats things anyhow:
Introduction to PDO
Be prepared for your database

#5 evaaggy

Posted 12 June 2012 - 06:52 AM

If you are using ASP.NET then look at this tutorial. It gives the best practice to prevent SQL injection.
SqlClient

#6 jammmie999

Posted 12 June 2012 - 12:27 PM

...by vigorously validating your database inputs.

#7 BobRodes

Posted 13 June 2012 - 08:30 AM

The best single specific is to use stored procedures, and accept user input as parameters, rather than plugging user input into strings of SQL instructions and passing them to your database. And then "vigorously validate your database inputs" from there.

#8 BarNunBoi

Posted 06 November 2012 - 03:01 PM

What is the best way to prevent SQL Injections for CakePHP's upload button? Please post some links to some reference material. Thanks!

This post has been edited by BarNunBoi: 06 November 2012 - 03:01 PM


#9 JackOfAllTrades

Posted 06 November 2012 - 03:29 PM

CakePHP's "upload button"? What is that? Link please.

#10 BarNunBoi

Posted 06 November 2012 - 09:37 PM

Excuse me.....how do I prevent injections from the form? I have a form that allows users to upload data from a spreadsheet and I don't want to be vulnerable to attacks.

#11 laytonsdad

Posted 07 November 2012 - 07:12 PM

http://api.cakephp.org/class/mysql

I believe CakePHP uses PDO.

I may be wrong but that is what I have read.
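
The parameter-binding approach recommended in the replies above (prepared statements, PDO), applied to the spreadsheet-upload case asked about in post #10, as an added example that is not code from any poster in this thread or from CakePHP. It assumes PHP with the pdo_sqlite extension; the `contacts` table and the CSV rows are constructed for illustration.

```php
<?php
// Added example: spreadsheet rows inserted with PDO prepared statements.
// Table name, column names and sample rows are constructed for illustration.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (name TEXT NOT NULL, email TEXT NOT NULL)');

// Constructed stand-in for an uploaded spreadsheet exported as CSV.
$csv = <<<'CSV'
name,email
Alice Smith,alice@example.test
Pat O'Brien,pat@example.test
"Bobby'); DROP TABLE contacts; --",bobby@example.test
CSV;

$rows = array_map(fn($line) => str_getcsv($line, ',', '"', ''), explode("\n", trim($csv)));
array_shift($rows); // drop the header row

// Unsafe pattern (what the thread warns against): cell text becomes part of the SQL.
try {
    [$name, $email] = $rows[1];
    $pdo->exec("INSERT INTO contacts (name, email) VALUES ('$name', '$email')");
} catch (PDOException $e) {
    echo "Concatenated query failed: the quote in the cell changed the statement\n";
}

// Safe pattern: the SQL text is fixed; cell values travel separately as bound parameters.
$insert = $pdo->prepare('INSERT INTO contacts (name, email) VALUES (:name, :email)');
$pdo->beginTransaction();
foreach ($rows as [$name, $email]) {
    // Validation is still worthwhile, but as a data-quality check, not the injection defence.
    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        continue;
    }
    $insert->execute([':name' => $name, ':email' => $email]);
}
$pdo->commit();

// Every cell is stored verbatim as data, and the table is intact.
foreach ($pdo->query('SELECT name, email FROM contacts') as $row) {
    echo $row['name'], ' <', $row['email'], ">\n";
}
```

The same separation holds with any PDO driver: only values can be bound, so table or column names taken from a spreadsheet header must be checked against a fixed allow-list instead.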
