PaulDotCom mailing list archives
Re: SQL cheat sheat
From: Guillaume Ross <guillaume () binaryfactory ca>
Date: Tue, 21 May 2013 10:05:17 -0400
IMO - if we are discussing solely SQLi - the MOST important thing is to use parameterized queries. Then, validate user input (though that is important for way more than SQLi). Depending on the language you are using and the RDBMS you are accessing there are different ways to parameterize queries, but they are typically easy and user friendly. Sometimes they can have a positive performance impact depending on the way the query optimizer works too. Guillaume On 2013-05-18, at 11:13 AM, Philip Green <pg () givetechback org> wrote:
Hello PaulDotCom mailing list! I have a group of programmers working on a site and really, I know more about breaking into stuff than defending. What do you guys think the most important thing(s) to tell programmers when they are coding a database to try and prevent SQL injection attacks occurring? Any website links would really help as well. Thanks in advance. Philip Andrei Green =) _______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Attachment:
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
Current thread:
- SQL cheat sheat Philip Green (May 18)
- Re: SQL cheat sheat allison nixon (May 20)
- Re: SQL cheat sheat Bill Swearingen (May 20)
- Re: SQL cheat sheat Youssef Rebahi-Gilbert (May 20)
- Re: SQL cheat sheat Jamil Ben Alluch (May 20)
- Re: SQL cheat sheat Leon Jacobs (May 20)
- Re: SQL cheat sheat Matt Konda (May 20)
- Re: SQL cheat sheat Patrick Laverty (May 20)
- Re: SQL cheat sheat Michael Allen (May 20)
- Re: SQL cheat sheat Guillaume Ross (May 21)
- Re: SQL cheat sheat Joel Gunderson (May 22)
- <Possible follow-ups>
- Re: SQL cheat sheat Ty Purcell (May 20)
- Re: SQL cheat sheat Bruce Barnett (May 20)