hacking:sql_injection:what_is_sql_injection
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| hacking:sql_injection:what_is_sql_injection [2020/04/16 20:53] – created peter | hacking:sql_injection:what_is_sql_injection [2020/07/15 09:30] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 35: | Line 35: | ||
| Very bad, as this would drop the entire users table. | Very bad, as this would drop the entire users table. | ||
| + | ---- | ||
| ===== What can be done to prevent this from happening? ===== | ===== What can be done to prevent this from happening? ===== | ||
| Line 70: | Line 70: | ||
| If you're connecting to a database other than MySQL, there is a driver-specific second option that you can refer to (e.g. **pg_prepare()** and **pg_execute()** for PostgreSQL). | If you're connecting to a database other than MySQL, there is a driver-specific second option that you can refer to (e.g. **pg_prepare()** and **pg_execute()** for PostgreSQL). | ||
| + | ---- | ||
| ===== Correctly setting up the PDO connection ===== | ===== Correctly setting up the PDO connection ===== | ||
| Line 88: | Line 89: | ||
| Although you can set the charset in the options of the constructor, | Although you can set the charset in the options of the constructor, | ||
| + | ---- | ||
| ===== Explanation ===== | ===== Explanation ===== | ||
| Line 105: | Line 107: | ||
| </ | </ | ||
| + | ---- | ||
| ===== Can Prepared Statements Be Used For Dynamic Queries? ===== | ===== Can Prepared Statements Be Used For Dynamic Queries? ===== | ||
| Line 120: | Line 123: | ||
| </ | </ | ||
| + | ---- | ||
| ===== References ===== | ===== References ===== | ||
| https:// | https:// | ||
hacking/sql_injection/what_is_sql_injection.1587070420.txt.gz · Last modified: 2020/07/15 09:30 (external edit)