What should considered to prevent Injection in request forms?
https://stackoverflow.com/questions/2400469
-
18-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
What should considered to prevent Injection in request forms ?
e.g : using Recaptcha, preventing SQL Injections, etc ... what other item should be consider ?
Solution
Parameterized queries are a must.
You should also validate your input, both on the client and server sides, prior to binding.
OTHER TIPS
- sanitize all your inputs. all only the required stuff.
- always use POST as the method in your form.
- in your server side scripting, anything that got from user should not be directly input to query. retrieve value from db and do the comparison or any other relevent action
Recaptcha, like any other CAPTCHA is a mechanism to identify someone as human. This has nothing to do with SQL injection.
In order to prevent SQL injection attacks, the best form of defense is to use data access libraries as these contain anti SQL injection measures.
You should alway use parameterized queries and never simply build up a SQL string yourself and pass that to the database.
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
