Skip to content

August 22, 2010

Bobby Tables: A Guide to Preventing SQL Injection

Just came across Bobby-tables.com whilst Stumbling through the ether that is the interwebs.

XKCD strip: bobby-tables

Source: XKCD

The aim of the site is to educate software developers (or anyone else interested in development) in the proper manner in which input should be validated prior to being passed into database queries. There are examples for ASP, ColdFusion, C#, Delphi, .NET, Java, Perl, PHP, PostgreSQL, Python, Ruby, and Schema… what, no COBOL?!

Their core recommendations are sound:

  • Do not create SQL statements that include outside data.
  • Use parameterized SQL calls.

Useful resource. Just thought I’d share.

Share your thoughts, post a comment.

(required)
(required)

Note: HTML is allowed. Your email address will never be published.

Subscribe to comments

css.php