php - Am I safe?? [trying to prevent sql injection]

I'm wondering if I'm safe from SQL injection if I have this in my script:

    <script>
        // some stuff
        var item = <?php echo json_encode($phpvar) ?>;
        item.replace(/"/,'&quot').replace(/'/,'&#39');
        // do more script stuff with item
    </script>

I'm currently using Laravel (PHP) with PDO. Is there anything else I should be aware of/look out for? (I didn't whitelist/blacklist before submitting to the database because of PDO, as I understand it.)

Also, I'm asking because item is taken from user input, and I dynamically create HTML using the value of item.

The question is unanswerable (at least not in a way that wouldn't give a false sense of security) with the amount of resource provided.

Since you're using PDO I'll go right ahead and say you ought to be using prepared statements. Injection on the whole lies in how the web application handles user input.

Your question should be, "how does this piece of user input interact with the application?" -- of course there isn't a set list of things to do in order to keep protected against (B)SQLi (or other variants of injection [XSS/LDAP]).

The following resources should help you out further regarding SQL injection on the whole (you need to know how the vulnerability works in general if you want to be able to cover the specifics).

OWASP SQL injection

Acunetix SQL injection

SQL injection cheat sheet

There isn't much more to answer on the question except maybe going deeper into how you handle user input in regards to the code you have provided (which I don't think is required).
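As an added example that is not part of the question or the answer, here is how the two layers the answer separates look in PHP: the query side (PDO binds the value as a parameter) and the output side (the value echoed into the script block, and later written into HTML, is encoded for each context). The table and column names, the $pdo connection and the sample input are assumptions constructed for the example.

```php
<?php
// Added example; table/column names and the $pdo connection are assumptions.
declare(strict_types=1);

// 1. SQL layer: the user's value never becomes part of the query text.
//    PDO sends it as a bound parameter, so quotes or comment markers in
//    $userInput cannot alter the statement.
function findItemsByName(PDO $pdo, string $userInput): array
{
    $stmt = $pdo->prepare('SELECT id, name FROM items WHERE name = :name');
    $stmt->execute([':name' => $userInput]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Output layer, script context: plain json_encode leaves "<", ">", "&"
//    and quotes as-is, so a value containing "</script>" would close the
//    script block. The JSON_HEX_* flags emit them as \uXXXX escapes, which
//    the JS engine decodes back to the original characters while the HTML
//    parser never sees a tag.
function encodeForScript(mixed $value): string
{
    return json_encode(
        $value,
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_THROW_ON_ERROR
    );
}

// 3. Output layer, HTML context: when the value is later placed into markup,
//    escape every occurrence of all five special characters server-side
//    rather than relying on a one-shot String.replace in the browser.
function encodeForHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// Constructed sample input: closes a script block and carries quotes and an ampersand.
$sample = '</script><b>bold</b> it\'s "quoted" & more';

// What would be echoed inside the <script> block:
echo 'var item = ' . encodeForScript($sample) . ";\n";

// What would be written when building HTML from the same value:
echo encodeForHtml($sample), "\n";
```

With JSON_HEX_TAG the `<` and `>` in the sample arrive in the page as `\u003C` and `\u003E`, so the browser's HTML parser never sees a closing script tag; the `$sample` variable stands in for a value that, in the question, would have come from the database via the prepared statement.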
