List:General Discussion« Previous MessageNext Message »
From:Dan Nelson Date:September 29 2003 5:42am
Subject:Re: SQL Injection
View as plain text  
In the last episode (Sep 28), Tony Thomas said:
> I've been hearing a bit about SQL injection lately, but the only
> documentation I can find refers to Microsoft or Oracle. Anyone know
> of good articles about injection in MySQL? Prevention? Detection? Is
> MySQL less vulnerable?

I would guess that it depends less on the database used and more on the
ability of the programmer.  Use of bind variables or your API's
quoting/escaping functions should completely eliminate the possibly of
injecting SQL.  It's basic security.

	Dan Nelson
SQL InjectionTony Thomas29 Sep
  • Re: SQL InjectionDan Nelson29 Sep
RE: SQL InjectionVictor Pendleton29 Sep