I wanted to know if there is any other measures against SQL injection that can be taken apart from using parametrized Query and validating data.
Thanks!
I wanted to know if there is any other measures against SQL injection that
Share
Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I wanted to know if there is any other measures against SQL injection that can be taken apart from using parametrized Query and validating data.
Thanks!
With All good answers above, What I did is create a script that scans all tables and creates whitelist for table names and columns then I use that to validate any user input that is supposed to be table/column name since they don’t go into parametric query. Anything else is parameterized via PDO Bind!