https://stackoverflow.com/questions/18967078
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianI have used a custom filter to remove all the suspicious character that can be used to do SQL injection attack. We are using callable statement but the real problem was the procedure code were we are building SQL queries to perform certain business logic and this procedure are large in number and complex, rewriting it would be an additional effort both from developer and functional users end and hence we though filtering and removing all such character that could be leading to injection attack will be a optimal short term solution considering our present situation.
Does Antisamy prevents Sql Injection
-
29-06-2022 - |
Question
I was trying to write my own filter before I came across antisamy project that allows you to configure and prevent XSS attack. But I was just wondering if same can be used to prevent sql injection attack?
Any one who has implemented antisamy to prevent sql injection attack can you please let me know how can we go forward.
Solution 2
OTHER TIPS
No, Antisamy doesn't protect you against SQL injections.
In order to prevent SQL injection attacks, a first step is to use prepared statements. OWASP has a good guide on this.
Antisamy was used for XSS issue
Antisamy was implemented only in JAVA & DOT NET or if available for python Plz give me the details
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
