So I've been learning a lot about SQL, but I'm kind of confused about stopping SQL injections. I've seen some people say that I should basically encrypt my data to stop SQL injections, and I've seen other people scream "NO DON'T DO THAT. Just escape" So which is the superior method to stopping SQL injections, and what else can I do to stop them?
Stopping SQL injections
Adrian Cooper
Other urls found in this thread:
owasp.org
youtube.com
twitter.com
Brandon Hall
Encryption= No need to escape but MUH CPU
Escaping= What everyone does
Josiah Thomas
if you encrypt it then you can't search for data
just escape and use prepared statements when putting things in
Evan Ramirez
just use stored procedures
Samuel Ward
If the language you are using provides it, you should be executing sql statements in a way that is parametrized.
Dominic Wright
Use parameterization
owasp.org
Robert Young
Use parameterized queries
Lucas Walker
the important thing is to not build sql queries in your application by joining strings together
Joshua Cooper
how does encryption have any relation to sql injection?
Gavin Wilson
Sanitize untrusted input; don't run queries that contain unsanitized untrusted input.
Webdevs are tards.
David Perry
Because when you encrypt Robert'); DROP TABLE Students;--
It turns into something like jkA8#kLrfvdoA!K4iskskUSsjSj
Jack Roberts
This.
Stored procedures / prepared queries. No other method is 100% fool-proof.
Even using stored procedures, some autist is gonna find a way to make them do something you didn't intend them to do unless you pay extremely close attention to your schema.
Ryder Martin
Julian Davis
Holla Forums is NOT your personal tech support team or personal consumer review site. We have stickies for that. Keep those kinds of posts in there.
For tech support, software recommendations, and other questions that don't warrant their own thread, please use the 'Holla Forums Questions and Support' sticky.
Chase Bennett
This is not a request for tech support, this is discussion of techniques for stopping SQL injection.
Robert Sullivan
Avoid SQL. Use graph databases instead. They're more robust and the future of the Web 3.0, aka internet of things
Henry Perry
If for some reason I legitimately needed noSQL i'd just use a noSQL table in postgres.
I know your post is a shit post but it still got to me.
Everyone and their dog are trusting all their data to MongoDB, it's scary.
Even Joyent, the company that stewards nodejs, prefers real databases, that should be telling.
Ethan Harris
that doesn't...
Gabriel Ross
kill yourself
Wyatt Robinson
I never understood the NoSQL push.
To me it just seems like unstructured data and should only be used in cases where the data is actually unstructured.
Can anyone explain to me why it's being touted for other applications?
Henry Gray
Because it structures the data without requiring a schema.
Christopher Davis
Use Linq
Noah Watson
Hi Pajeet the Backseat Mod, Stack Overflow too slow to feed your hunger for control today?
Austin King
And this is why we still have these problems. This was already a known bad idea in the '90s but PHP's shitty bindings to a shitty database making escaping a thing led to untold billions in damages. It took them years and years to bind the positional functions.
I guess we're making progress though as there weren't immediately calls for sanitizing. Maybe 17 more years and we'll be good.
Carson Wright
Don't know how to XOR?