
Do you consider security when designing your query string parameters for a website?

If you have a page on a website named 'test' that contains the following code:

[ASP.NET]

sCid = Request.QueryString["cid"] as string;

sQry = "SELECT * FROM [MyTable] WHERE id=" + sCid + " ORDER BY id";

or [PHP]

$cid = $_GET["cid"];

$qry = 'SELECT * FROM [MyTable] WHERE id=' . $cid . ' ORDER BY id';


What do you think the result of executing the query will be if I pass this URL?

/test?cid=1 UNION SELECT NULL FROM INFORMATION_SCHEMA.TABLES

Question added by Deleted user
Date Posted: 2017/04/18
by Ahmad El-Agawy, Senior SharePoint Developer, Ministry Of Islamic Affairs, Endowments, Dawah and Guidance

The mentioned logic is far from secure, because of the SQL injection possibility you referred to. So, my advice is to never use concatenation in SQL queries, e.g. "select * from table where id =" + idVar; because it's so easy to pass in another, injected SQL query. Instead you need to use bind variables / stored procedures, e.g. "select * from table where id = @id", after you set the value of the @id parameter.
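The following is an added example, not code from the question or the answer above. It rebuilds the concatenated query from the question in Python over an in-memory SQLite database so that the effect of the injected cid value can actually be observed, and places it next to the bound-parameter version the answer recommends. Python and SQLite are substitutions for the ASP.NET/PHP and SQL Server of the post: SQLite has no INFORMATION_SCHEMA, so its catalogue table sqlite_master stands in for INFORMATION_SCHEMA.TABLES, and the tables and rows are constructed for the example.

```python
"""Added example (not part of the original page): the question's concatenated
query versus the answer's parameterised query, run against constructed data."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample schema: the page's [MyTable] plus a second table that
    the 'test' page is never supposed to expose. SQLite accepts the [name]
    identifier quoting used in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE [MyTable] (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO [MyTable] VALUES (?, ?)",
                     [(1, "alpha"), (2, "beta")])
    conn.execute("CREATE TABLE secrets (id INTEGER PRIMARY KEY, token TEXT)")
    conn.execute("INSERT INTO secrets VALUES (9, 'constructed-api-token')")
    return conn


def vulnerable_lookup(conn: sqlite3.Connection, cid: str) -> list:
    """The pattern from the question: cid is pasted straight into the SQL
    text, so whatever follows the number is parsed as SQL."""
    qry = "SELECT * FROM [MyTable] WHERE id=" + cid + " ORDER BY id"
    return conn.execute(qry).fetchall()


def probe_vulnerable(conn: sqlite3.Connection, cid: str):
    """Run vulnerable_lookup and return either the rows or the database's
    error text. The error is what an attacker reads when the UNION column
    count does not match; it tells them how many columns to add."""
    try:
        return vulnerable_lookup(conn, cid)
    except sqlite3.OperationalError as exc:
        return str(exc)


def parameterized_lookup(conn: sqlite3.Connection, cid) -> list:
    """The answer's advice: a bound parameter. cid is shipped to the engine as
    a value, never parsed as SQL, so '1 UNION ...' is merely a string that
    matches no id and the query returns nothing."""
    qry = "SELECT * FROM [MyTable] WHERE id=? ORDER BY id"
    return conn.execute(qry, (cid,)).fetchall()


def validated_lookup(conn: sqlite3.Connection, cid: str) -> list:
    """Defence in depth: the page expects a numeric id, so reject anything else
    before it reaches the database at all (int() raises ValueError on
    '1 UNION ...'). Binding alone already stops the injection; this also keeps
    malformed input out of the logs and the query plan."""
    return parameterized_lookup(conn, int(cid))
```

Running the question's payload through the concatenated query first produces a column-count error (two columns in [MyTable], one in the injected SELECT); once the attacker pads the injected SELECT to two columns, the same page returns the contents of a table it was never meant to read. The bound-parameter version returns an empty result for the same input, and the validated version refuses it outright.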
