Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
An hacker have much more chance to try to inject this query:
') DELETE FROM Users --
then this one:
') DELETE From Blargblarbglbglab--
Does having a bad table and column naming convention is a good additional protection against Sql injection.
Not a good technique / tactic, aside from making your own life very difficult – if you have a vulnrability that allows them to query tables and see the results in some form, they can inject a query to look in the information_schema views / tables.
So the bad naming only get’s in your own way, it doesn’t make it impossible for a hacker to find out the table names.
Protect against it properly with the right coding practises.