This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Abridged SQL Injection Prevention Cheat Sheet"

From OWASP
Jump to: navigation, search
m (SQL Injection Prevention Overview)
m
 
(29 intermediate revisions by 3 users not shown)
Line 1: Line 1:
= DRAFT CHEAT SHEET - WORK IN PROGRESS =
+
Moved: Please see the [[Query Parameterization Cheat Sheet]]
= Introduction =
 
 
 
SQL Injection is one of the most damaging web vulnerabilities.  It represents a serious threat because SQL Injection allows evil attacker code to change the structure of a web application's SQL statement in a way that can steal data, modify data, or facilitate command injection.  This cheat sheet is a derivative work of the [[SQL Injection Prevention Cheat Sheet]].
 
 
 
= SQL Injection Prevention Overview =
 
 
 
SQL Injection is best prevented through the use of ''parametrized queries''. The following chart demonstrates, with real-world code samples, how to build parametrized queries in most of the common web languages.
 
 
 
{| class="wikitable nowraplinks"
 
|-
 
! Language
 
! Parametrized Query
 
|-
 
| Java - Standard
 
| TODO
 
|-
 
| Java - Hibernate
 
| TODO
 
|-
 
| .NET - C#
 
| TODO
 
|-
 
| .NET - ASP.net
 
| TODO
 
|-
 
| Ruby
 
| TODO
 
|}
 
 
 
= Related Articles =
 
 
 
{{Cheatsheet_Navigation}}
 
 
 
= Authors and Primary Editors  =
 
 
 
Jim Manico - jim [at] owasp.org
 
 
 
[[Category:Cheatsheets]]
 

Latest revision as of 08:49, 9 March 2012

Moved: Please see the Query Parameterization Cheat Sheet

Retrieved from "https://wiki.owasp.org/index.php?title=Abridged_SQL_Injection_Prevention_Cheat_Sheet&oldid=125830"