Doug Greenbaum

Posts tagged with "sysadmin"

Apr 4

SQL Injection through HTTP Headers

One of the comments:

Cool, but it all assumes the lame way of creating SQL queries by inserting variables using string concatenation. If you have a proper SQL connector (for example Perl DBI) it supports SQL placeholders which imply handling of variable quoting by the SQL server itself, effectively preventing injections.

Response:

Interesting article, though like f055 mentioned it assumes SQL queries are done by variables through string concatenation. That does however not really imply that the universal effectiveness would be low.
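To illustrate the distinction the first comment draws, here is an added Python example (not code from the linked article or from either commenter) that stores two constructed request headers in an SQLite access log, once by string concatenation and once with placeholders. The table layout, the header values and the function names are assumptions; the point is that a header value containing an apostrophe breaks the concatenated statement (and would be attacker-controlled input to the query text), while with placeholders the database driver keeps data and SQL separate and stores the value verbatim.

```python
import sqlite3

# Constructed sample request headers (not taken from the page). The second
# User-Agent contains an apostrophe: harmless with placeholders, but enough
# to break a query built by concatenation.
SAMPLE_HEADERS = [
    {"User-Agent": "Mozilla/5.0 (X11; Linux x86_64)", "X-Forwarded-For": "203.0.113.10"},
    {"User-Agent": "O'Reilly-Crawler/1.0", "X-Forwarded-For": "198.51.100.7"},
]


def make_db():
    """In-memory SQLite database with a minimal access_log table (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE access_log (ua TEXT, ip TEXT)")
    return conn


def log_concat(conn, headers):
    """Vulnerable pattern: header values are spliced into the SQL text itself."""
    sql = (
        "INSERT INTO access_log (ua, ip) VALUES ('"
        + headers["User-Agent"] + "', '" + headers["X-Forwarded-For"] + "')"
    )
    conn.execute(sql)


def log_param(conn, headers):
    """Hardened pattern: placeholders; the driver sends values separately from SQL."""
    conn.execute(
        "INSERT INTO access_log (ua, ip) VALUES (?, ?)",
        (headers["User-Agent"], headers["X-Forwarded-For"]),
    )


def run(logger):
    """Log every sample header with `logger`.

    Returns (rows stored, number of inserts that raised a database error).
    """
    conn = make_db()
    errors = 0
    for h in SAMPLE_HEADERS:
        try:
            logger(conn, h)
        except sqlite3.Error:
            # A syntax error here is also a useful detection signal: it means
            # untrusted input reached the SQL parser as code, not as data.
            errors += 1
    rows = conn.execute("SELECT ua, ip FROM access_log ORDER BY rowid").fetchall()
    conn.close()
    return rows, errors


if __name__ == "__main__":
    print("concatenation:", run(log_concat))
    print("placeholders: ", run(log_param))
```

Running it shows the concatenated version storing only the first header and failing on the second, whereas the placeholder version stores both, apostrophe included. The same structure applies to the Perl DBI placeholders the commenter mentions; the driver, not the application, is responsible for quoting.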