Home page logo
/

basics logo Security Basics mailing list archives

Re: why most sql injection is not occurred at mysql?
From: Jedrzej Majko <jedrzej.majko () confort-it com>
Date: Thu, 25 Oct 2007 12:59:45 +0200

jam () zoidtechnologies com pisze:
On Tue, Oct 23, 2007 at 10:14:17AM -0700, Francois Larouche wrote:
Annyo MontyRee,

Funny you mention this because in my experience I found more sql
injections in mysql websites. But as you mention it's not related to the
database but how it has been implemented inside the web application
or/and inside the stored proc.



what I have been doing lately is using a module in PEAR called MDB2. (...)

if you use that technique for *every* query, you should not be vulnerable to
sql-injection any more. naturally there are other vectors to be concerned
about.
Try to use PDO - it's better solution with prepared queries.

best,
Jedrek


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]