in reply to Re: Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite in thread Preventing SQL injection attacks: Placeholders are enough for MySQL, Postgresql and SQLite
You said that Most hackers use an up-to-date bundle of tricks, typically already in a script, to try to cause harm...and don't bother hand hacking. I didn't have much success looking that up in Google. Do you have any suggestion on resources/modules providing test cases of SQL injection or any other type of security threat? Such a module would be great for testing code safety or queries safety.
BTW, when/if possible, it always seems safer to me to check inputs in a "white list" fashion. If you check that inputs contain only letters, numbers and underscores and don't exceed a certain length, that would probably increase security by a great deal.
|