
August 22, 2010

Bobby Tables: A Guide to Preventing SQL Injection

Just came across Bobby-tables.com whilst Stumbling through the ether that is the interwebs.

[Image: XKCD strip "bobby-tables" (source: XKCD)]

The aim of the site is to educate software developers (and anyone else interested in development) in the proper way to handle outside input before it reaches a database query: bind it as a parameter rather than splicing it into the SQL text, since escaping or "validating" the string is not what stops the attack. There are examples for ASP, ColdFusion, C#, Delphi, .NET, Java, Perl, PHP, PostgreSQL, Python, Ruby, and Schema… what, no COBOL?!

Their core recommendations are sound:

  • Do not create SQL statements that include outside data.
  • Use parameterized SQL calls.
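As an added example (not code from the original post or from bobby-tables.com), here are both recommendations side by side in Python using the standard-library sqlite3 module. The table, the rows and the two payloads are constructed for the demo; the stacked-statement case uses executescript() to stand in for a driver or API that permits several statements per call, which is what the strip's "DROP TABLE" payload relies on.

```python
import sqlite3

# Constructed sample data for the demo (not from the original post).
STUDENTS = [("Alice",), ("Bob",), ("Carol",)]

# The payload from the XKCD strip: closes the string and the VALUES list,
# ends the statement, appends a second one, and comments out the rest.
BOBBY = "Robert'); DROP TABLE Students;--"

# A single-statement payload that rewrites the WHERE clause instead.
OR_TRUE = "x' OR 'a'='a"


def fresh_db():
    """In-memory database with a small Students table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT)")
    conn.executemany("INSERT INTO Students (name) VALUES (?)", STUDENTS)
    return conn


def insert_unsafe(conn, name):
    """Vulnerable: outside data is pasted into the statement text.
    executescript() runs the whole string, so a stacked statement
    smuggled in via the name is executed too."""
    conn.executescript(f"INSERT INTO Students (name) VALUES ('{name}');")


def insert_safe(conn, name):
    """Fixed: the value travels as a bound parameter, never as SQL text,
    so the quotes and semicolon inside it have no syntactic meaning."""
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))


def lookup_unsafe(conn, name):
    """Vulnerable single-statement lookup: even without stacked queries,
    a crafted name changes the WHERE clause and leaks every row."""
    rows = conn.execute(
        f"SELECT name FROM Students WHERE name = '{name}'"
    ).fetchall()
    return [r[0] for r in rows]


def lookup_safe(conn, name):
    """Fixed lookup: the comparison is against the literal string."""
    rows = conn.execute(
        "SELECT name FROM Students WHERE name = ?", (name,)
    ).fetchall()
    return [r[0] for r in rows]


def table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='Students'"
    ).fetchone()
    return row[0] == 1


def demo():
    """Run each payload through the unsafe and the safe path and report."""
    results = {}

    conn = fresh_db()
    insert_unsafe(conn, BOBBY)
    results["unsafe_table_survives"] = table_exists(conn)   # False: dropped

    conn = fresh_db()
    insert_safe(conn, BOBBY)
    results["safe_table_survives"] = table_exists(conn)     # True
    # The odd-looking name is stored verbatim, exactly as Bobby's mother typed it.
    results["safe_stored_literally"] = BOBBY in lookup_safe(conn, BOBBY)  # True

    conn = fresh_db()
    results["unsafe_lookup_rows"] = len(lookup_unsafe(conn, OR_TRUE))  # 3: all rows
    results["safe_lookup_rows"] = len(lookup_safe(conn, OR_TRUE))      # 0
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

One caveat worth keeping in mind: placeholders bind values only. A table or column name, or the direction of an ORDER BY, cannot be parameterized, so if those ever come from outside data they have to be checked against a fixed allow-list in code before being spliced into the statement.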

Useful resource. Just thought I’d share.
