PaulDotCom mailing list archives

Re: SQL cheat sheet


From: Guillaume Ross <guillaume () binaryfactory ca>
Date: Tue, 21 May 2013 10:05:17 -0400

IMO - if we are discussing solely SQLi - the MOST important thing is to use parameterized queries.
Then, validate user input (though that is important for way more than SQLi).

Depending on the language you are using and the RDBMS you are accessing there are different ways to parameterize 
queries, but they are typically easy and user friendly. Sometimes they can have a positive performance impact depending 
on the way the query optimizer works too.

Guillaume

On 2013-05-18, at 11:13 AM, Philip Green <pg () givetechback org> wrote:

Hello PaulDotCom mailing list!

I have a group of programmers working on a site and really, I know more about breaking into stuff than defending.


What do you guys think the most important thing(s) to tell programmers when they are coding a database to try and 
prevent SQL injection attacks from occurring?


Any website links would really help as well.


Thanks in advance.


Philip Andrei Green
=)
_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com

Attachment: signature.asc
Description: Message signed with OpenPGP using GPGMail

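Guillaume's two points above (parameterize first, validate second), as an added example that is not part of the original thread. It uses Python's standard sqlite3 module against a constructed in-memory table, runs the same injection payload through a string-spliced query and through a parameterized one, and adds a strict allow-list check for usernames as the defence-in-depth layer. The table, rows and payload are all constructed for this illustration; the placeholder style ("?") is SQLite's, and other DB-API drivers use their own paramstyle (for example "%s" in psycopg2), which is the per-language difference the reply alludes to.

```python
import re
import sqlite3


def make_db():
    """Constructed sample data: an in-memory SQLite table with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    """Deliberately vulnerable: the input is spliced into the SQL text, so
    quotes in the input change the structure of the statement."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, username):
    """Hardened: the SQL text is fixed and the value is bound separately.
    Whatever the input contains, it can only ever be compared as a string."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Allow-list check used as a second layer: usernames are restricted to a
# small character set, so injection-shaped input is rejected before any
# query is built. This is validation, not a substitute for parameters.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(username):
    return USERNAME_RE.fullmatch(username) is not None


# Classic tautology payload (constructed). Against the vulnerable function
# it turns the WHERE clause into  username = '' OR '1'='1'.
PAYLOAD = "' OR '1'='1"


def demo():
    """Run the payload through both query styles and report row counts."""
    conn = make_db()
    vuln_rows = lookup_vulnerable(conn, PAYLOAD)
    safe_rows = lookup_parameterized(conn, PAYLOAD)
    return {
        "vulnerable_rows": len(vuln_rows),      # every user is returned
        "parameterized_rows": len(safe_rows),   # no user has that literal name
        "payload_passes_validation": validate_username(PAYLOAD),
    }


if __name__ == "__main__":
    print(demo())
```

Running it shows the spliced query returning both rows for the payload while the parameterized query returns none; the legitimate name "alice" still resolves through the parameterized path, which is the point: parameters change nothing for well-formed input and remove the attacker's control over statement structure for hostile input. The allow-list is there because, as the reply notes, input validation earns its keep against more than SQLi (length limits, log injection, downstream formatting), but it is not the control that closes the injection itself.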