Showing results for tags 'sql injection'.

Found 3 results

  1. I am building a website and want to test it for SQL injection vulnerability. When I run the injection, where would I view the results?
  2. Not sure what topic to post this under. I've read a bunch about SQL injection and have done all the testing for bad input when building forms and input devices, but then I thought what if you display an alpha-numeric pad for a person to enter the data. I figured you have complete control over the input by processing each character as they are entered and then using a PHP file to process the end result. Basically there is no place for a hacker to enter a SQL string with slashes or whatnot. I'd like to hear what pitfalls there are with this type of approach and what injections or hacking might be tried if I used something like this. Would there be an article someone could point me toward concerning this and how to avoid trouble (not just SQL injection, as I've said I've read a bunch, but other standard forms of hacking)? Thank you very much! I forgot to mention that my idea of an alpha-numeric pad is to have just A-Z, 0-9 and a button for spacebar, bckspc and enter.
  3. Hi there, I was just looking at the PHP INSERT INTO example at the bottom of the tutorial page http://www.w3schools.com/sql/sql_injection.asp The code shown is:

         1> $stmt = $dbh->prepare("INSERT INTO Customers (CustomerName,Address,City) VALUES (:nam, :add, :cit)");
         2> $stmt->bindParam(':nam', $txtNam);
         3> $stmt->bindParam(':val', $txtAdd);
         4> $stmt->bindParam(':cit', $txtCit);
         5> $stmt->execute();

     Would this not return an error due to the mismatch between :add and :val in lines 1 and 3? I'm not trying to find criticism, purely just trying to understand how to write safer code. Many thanks to all those involved in putting together and running W3Schools.