Description:
If you have an SQL query that accepts user input, it may be vulnerable to SQL injection.
A query like so:
A query like this: SELECT * FROM `users` WHERE `username` = 'user input' AND password = '...'; would be susceptible to SQL injection, because if an attacker provided an input value of "' OR '1'='1 /*", the database would return every row in the table.
To avoid SQL injection, send the user input and the SQL query to the database separately.
If you're using PHP, use PDO.
If you use Java, opt for JDBC with PreparedStatement.
If you develop in Ruby, look into the Sequel library.
If you create applications in Node.js, use node-postgres ("pg") for PostgreSQL or "mysql2" for MySQL.
In Go, opt to use database/sql with db.QueryRow().
#shorts #security #reels #sql #mysql #mariadb