Trending SQL Injection Discussions

Follow

Ask the Community


Ask any professional question and get answers from other specialists.

Stream language
Imran Zabih's image
Question added by Imran Zabih Lead Software Engineer Freelance
7 years ago
Answers:
9
Followers:
Views:
190
Vote Count:
0
Answer should contain a minimum of 25 characters.
Faisal AbdulManan's image
Question added by Faisal AbdulManan Cashier swissotel al maqam makkah
8 years ago

SQL injection ? What made you as penetration tester? ‎

What if black hat hackers call them self we are !what well you do as self wareed.‎

Answers:
1
Followers:
Views:
112
Vote Count:
0
Answer should contain a minimum of 25 characters.
Default profile image
Question added by Deleted user
11 years ago
Answers:
17
Followers:
Views:
597
Vote Count:
4
Answer should contain a minimum of 25 characters.
Muhammad Usman Usman's image
Question added by Muhammad Usman Usman Software Enginner Five Rivers Technologies
11 years ago
Answers:
7
Followers:
Views:
641
Vote Count:
0
Answer should contain a minimum of 25 characters.
Yasmeen  Husam's image
Question added by Yasmeen Husam Web Developer Al Fahid Systems
6 years ago
Answers:
2
Followers:
Views:
5
Vote Count:
0
Answer should contain a minimum of 25 characters.
Fadi Alkhateeb's image  
Answer added by  Fadi Alkhateeb, Senior Front End Developer, NexTwo
11 years ago

Use prepared statements and parameterized queries (PDO & Mysqli). PDO : http://php.net/manual/en/book.pdo.php MYsqli : http://php.net/manual/en/book.mysqli.php   You ... See More

Mohammad Ateieh's image  
Answer added by  Mohammad Ateieh, Software Engineering Manager, Bayt.com
11 years ago

in PDO and MySqli you can bind the parameters and then excute the query another solution you can escape the parameters using "mysql_real_escape_string" its all ... See More

Mohammad Shalabi's image  
Answer added by  Mohammad Shalabi, Solution Architect, Android, and IOS Architect, ALM New Way
10 years ago

Use parameterized queries

Ahsan Aslam's image  
Answer added by  Ahsan Aslam, Software Engineer, FiverRivers Technologies (pvt) Ltd
11 years ago

use a php function name 'mysql_real_escape_string()' but this function will be deprecated in5.5.0 version of php. but you can use MySQLi or PDO_MySQL for preven ... See More

Haroon Ahmad Dar's image  
Answer added by  Haroon Ahmad Dar, web developer, Swenggco Software
7 years ago

SQL injection contains some dynamic statements which can be pass into SQL error effected area and retrieve the desired results from database.