PaulDotCom mailing list archives
Re: SQL cheat sheat
From: Leon Jacobs <leonja511 () gmail com>
Date: Mon, 20 May 2013 05:50:39 +0200
On Sat, May 18, 2013 at 5:13 PM, Philip Green <pg () givetechback org> wrote:
Hello PaulDotCom mailing list! I have a group of programmers working on a site and really, I know more about breaking into stuff than defending. What do you guys think are the most important thing(s) to tell programmers when they are coding a database to try and prevent SQL injection attacks occurring? Any website links would really help as well. Thanks in advance.

Trust no user input, whatsoever. E.g.: if you are expecting a number, and it's not a number, start a fire and burn the client computer :)

But, to stay on topic w.r.t. the message subject, I'll suggest you have a look at:
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

In general, if you have the time, check out the rest of owasp.org. It is sure to prove to have a lot of value to you.

Have fun.

--
Regards
Leon Jacobs
Sent using electronic mail ツ
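
The "expecting a number" check from this reply, combined with parameter binding (the first defense in the linked OWASP cheat sheet), as an added example that is not part of the original message. The `users` table, its rows and all function names are hypothetical and constructed for illustration; SQLite stands in for whatever database the site uses.

```python
import re
import sqlite3

def make_db():
    """In-memory database with constructed sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn

def lookup_concatenated(conn, raw_id):
    """The 'before': request text is pasted into the SQL statement itself."""
    sql = "SELECT name FROM users WHERE id = " + raw_id
    return [row[0] for row in conn.execute(sql)]

def parse_user_id(raw_id):
    """Allow-list check: 1 to 9 ASCII digits, anything else is rejected."""
    if not isinstance(raw_id, str) or not re.fullmatch(r"[0-9]{1,9}", raw_id):
        raise ValueError("user id must be 1-9 decimal digits")
    return int(raw_id)

def lookup_safe(conn, raw_id):
    """The 'after': validate the type, then bind the value as a parameter."""
    user_id = parse_user_id(raw_id)
    cur = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,))
    return [row[0] for row in cur]

def lookup_by_name(conn, raw_name):
    """Free text cannot be type-checked; binding alone keeps it as data."""
    cur = conn.execute("SELECT id FROM users WHERE name = ?", (raw_name,))
    return [row[0] for row in cur]

if __name__ == "__main__":
    conn = make_db()
    not_a_number = "1 OR 1=1"  # constructed input: a number was expected
    print("concatenated:", lookup_concatenated(conn, not_a_number))
    try:
        lookup_safe(conn, not_a_number)
    except ValueError as exc:
        print("rejected:", exc)
    print("safe lookup of '2':", lookup_safe(conn, "2"))
    print("bound text:", lookup_by_name(conn, "x' OR '1'='1"))
```
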