SQL injection attacks

stream-of-steve:

petetreloar:

Trying to spend my morning brushing up my knowledge on this. The problem I have is that I don’t understand what a string literal escape character is, and apparently that’s important… Maybe I don’t need to understand it; as long as people are making sure it doesn’t happen and putting in specific firewalls, surely that’s enough!

Any thoughts on what this is are always appreciated!… Maybe it has something to do with fairies; it normally does.

Your suspicions are correct, Pete.

It all comes down to the database fairies being such trusting little souls who will happily do whatever they’re asked to do. So, you have to check that naughty trolls aren’t using their nefarious techniques to trick the database fairies into doing something bad!

So, the pixies - you know, the ones that run web applications - shouldn’t directly use the information entered on a web site for making database queries, but should validate the input first and then use something called “parametrised statements” when talking to the database fairies.

And that’s it, really. True story.

Everything makes more sense when you put it in the context of fairies and pixies!

@2 years ago
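To make the two ideas in the thread concrete (the string literal escape character Pete asks about, and the parametrised statements Steve recommends), here is an added example that is not part of either post. It uses Python's standard sqlite3 module against a constructed in-memory table; the table, the names in it, and the function names are all my own for illustration. The same query is written three ways: pasted together as text, with the apostrophe escaped by doubling it (the SQL standard escape), and as a parametrised statement.

```python
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory table whose rows include a
    name containing the string-literal delimiter (the apostrophe in O'Brien)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("O'Brien",), ("bob",)])
    conn.commit()
    return conn


def lookup_concat(conn, name):
    """Vulnerable form: the input is pasted straight into the SQL text.
    The database reads the apostrophe in the input as the END of the string
    literal, so whatever follows it is treated as SQL, not as data."""
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def lookup_escaped(conn, name):
    """Escaping form: in SQL an apostrophe inside a string literal is written
    as two apostrophes (''), so every ' in the input is rewritten as ''.
    This handles this one character in this one dialect; it has to be done
    correctly at every query site, which is why it is the fragile defence."""
    sql = "SELECT name FROM users WHERE name = '{}'".format(name.replace("'", "''"))
    return conn.execute(sql).fetchall()


def lookup_param(conn, name):
    """Parametrised form: the SQL text holds only a placeholder and the input
    travels separately. The database never parses the input as SQL, so there
    is nothing to escape and no way for data to turn into a command."""
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def concat_breaks(conn, name):
    """True if the concatenated query fails to even parse for this input,
    which is what a stray string delimiter does to it."""
    try:
        lookup_concat(conn, name)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    conn = make_db()
    print(lookup_param(conn, "O'Brien"))    # [("O'Brien",)]
    print(lookup_escaped(conn, "O'Brien"))  # [("O'Brien",)]
    print(concat_breaks(conn, "O'Brien"))   # True: the quote ends the literal early
```

The point of the third function is that the escape character stops mattering: the query text is fixed before any input arrives, and the driver hands the value to the database as data. Validating input first (length, character set, expected shape) is still worth doing, but the parameter placeholder is what actually closes the door.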