Security Basics mailing list archives
Re: why most sql injection is not occurred at mysql?
From: Jedrzej Majko <jedrzej.majko () confort-it com>
Date: Thu, 25 Oct 2007 12:59:45 +0200
jam () zoidtechnologies com wrote:
> On Tue, Oct 23, 2007 at 10:14:17AM -0700, Francois Larouche wrote:
>> Annyo MontyRee,
>>
>> Funny you mention this because in my experience I found more sql injections in mysql websites. But as you mention it's not related to the database but how it has been implemented inside the web application or/and inside the stored proc.
>
> what I have been doing lately is using a module in PEAR called MDB2. (...)
>
> if you use that technique for *every* query, you should not be vulnerable to sql-injection any more. naturally there are other vectors to be concerned about.
Try to use PDO - it's a better solution with prepared queries.

best,
Jedrek
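
The PDO prepared-query approach recommended above, as an added example that is not part of the original message. The `users` table, its columns and the function names are hypothetical, and an in-memory SQLite database (assumes the `pdo_sqlite` extension) stands in for MySQL so the script runs offline.

```php
<?php
// Added example (not from the thread). Table, column and function names are hypothetical.
// In-memory SQLite keeps it runnable offline; with MySQL use a 'mysql:...;charset=utf8mb4'
// DSN and set PDO::ATTR_EMULATE_PREPARES => false so the server, not the client
// library, binds the parameters.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)');
$pdo->exec("INSERT INTO users (name, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// Before: the value is concatenated into the SQL text, so it is parsed as SQL.
function findUserConcat(PDO $pdo, string $name): array {
    return $pdo->query("SELECT name, role FROM users WHERE name = '$name'")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// After: the statement is prepared with a placeholder and the value travels as data.
function findUserPrepared(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare('SELECT name, role FROM users WHERE name = :name');
    $stmt->execute([':name' => $name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Placeholders bind values only. Column names and sort direction cannot be bound,
// so map them through an allowlist instead of concatenating request input.
function listUsers(PDO $pdo, string $sortBy, string $dir): array {
    $columns   = ['name' => 'name', 'role' => 'role'];
    $column    = $columns[$sortBy] ?? 'name';
    $direction = strtoupper($dir) === 'DESC' ? 'DESC' : 'ASC';
    return $pdo->query("SELECT name, role FROM users ORDER BY $column $direction")
               ->fetchAll(PDO::FETCH_ASSOC);
}

$input = "nobody' OR '1'='1";   // constructed test input, matches no real user name
printf("concatenated: %d row(s)\n", count(findUserConcat($pdo, $input)));
printf("prepared:     %d row(s)\n", count(findUserPrepared($pdo, $input)));
// An unrecognised sort key falls back to the default column instead of reaching the SQL.
printf("sorted:       %s\n", json_encode(listUsers($pdo, 'role; DROP TABLE users', 'desc')));
```

With the constructed input, the concatenated query returns every row in the table while the prepared query returns none, because the quote characters are compared as part of the name rather than parsed as SQL.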