Bobby Tables: A Guide to Preventing SQL Injection
Just came across Bobby-tables.com whilst Stumbling through the ether that is the interwebs.
The aim of the site is to educate software developers (or anyone else interested in development) in how input should be validated before it is passed into database queries. There are examples for ASP, ColdFusion, C#, Delphi, .NET, Java, Perl, PHP, PostgreSQL, Python, Ruby, and Schema… what, no COBOL?!
Their core recommendations are sound:
- Do not create SQL statements that include outside data.
- Use parameterized SQL calls.
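As an added illustration (not code from this post or from bobby-tables.com), here are the two recommendations side by side using Python's sqlite3 module: a lookup built by splicing outside data into the SQL text, next to the parameterized form. The table, the rows and the probe value are constructed for the example.

```python
import sqlite3

# Constructed sample data for the demo (not from the page).
STUDENTS = ["Alice", "Bob"]
# The input the site is named after, used here only as a stored value.
BOBBY = "Robert'); DROP TABLE Students;--"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    conn.executemany("INSERT INTO Students (name) VALUES (?)",
                     [(n,) for n in STUDENTS])
    return conn


def find_student_unsafe(conn, name):
    # Anti-pattern: outside data becomes part of the statement text, so a
    # quote character in the input changes the structure of the query.
    sql = "SELECT name FROM Students WHERE name = '" + name + "'"
    return sorted(row[0] for row in conn.execute(sql))


def find_student_safe(conn, name):
    # Parameterized call: the value travels separately from the statement
    # and can only ever be compared as data, never parsed as SQL.
    rows = conn.execute("SELECT name FROM Students WHERE name = ?", (name,))
    return sorted(row[0] for row in rows)


def add_student_safe(conn, name):
    # Same principle for writes: the name is bound, not concatenated.
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()
    return conn.execute("SELECT count(*) FROM Students").fetchone()[0]


def demo():
    conn = make_db()
    probe = "' OR '1'='1"  # a "name" that no student has
    unsafe = find_student_unsafe(conn, probe)  # WHERE clause rewritten: every row
    safe = find_student_safe(conn, probe)      # compared literally: no match
    count = add_student_safe(conn, BOBBY)      # stored as a plain string
    stored = find_student_safe(conn, BOBBY)    # and the table is still there
    return {"unsafe": unsafe, "safe": safe, "count": count, "stored": stored}
```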
Useful resource. Just thought I’d share.