This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Abridged SQL Injection Prevention Cheat Sheet"

From OWASP
Jump to: navigation, search
m (Created page with "= DRAFT CHEAT SHEET - WORK IN PROGRESS = = Introduction = SQL Injection is one of the most damaging web vulnerabilities. It represents a serious threat because SQL Injection al...")
 
m (SQL Injection Prevention Overview)
Line 6: Line 6:
 
= SQL Injection Prevention Overview =
 
= SQL Injection Prevention Overview =
  
SQL Injection is best prevented through the use of ''parametrized queries'''. The following chart demonstrates, with real-world code samples, how to build parametrized queries in most of the common web languages.
+
SQL Injection is best prevented through the use of ''parametrized queries''. The following chart demonstrates, with real-world code samples, how to build parametrized queries in most of the common web languages.
  
 
{| class="wikitable nowraplinks"
 
{| class="wikitable nowraplinks"
Line 28: Line 28:
 
| TODO
 
| TODO
 
|}
 
|}
 
  
 
= Related Articles =
 
= Related Articles =

Revision as of 23:37, 17 November 2011

DRAFT CHEAT SHEET - WORK IN PROGRESS

Introduction

SQL Injection is one of the most damaging web vulnerabilities. It represents a serious threat because SQL Injection allows evil attacker code to change the structure of a web application's SQL statement in a way that can steal data, modify data, or facilitate command injection. This cheat sheet is a derivative work of the SQL Injection Prevention Cheat Sheet.

SQL Injection Prevention Overview

SQL Injection is best prevented through the use of parametrized queries. The following chart demonstrates, with real-world code samples, how to build parametrized queries in most of the common web languages.

Related Articles

OWASP Cheat Sheets Project Homepage


Authors and Primary Editors

Jim Manico - jim [at] owasp.org