

22 Aug

Bobby Tables: A Guide to Preventing SQL Injection

Just came across Bobby-tables.com whilst Stumbling through the ether that is the interwebs.

XKCD strip: bobby-tables

Source: XKCD

The aim of the site is to educate software developers (or anyone else interested in development) in the proper manner in which untrusted input should be passed to database queries: bound as parameters, not spliced into the SQL text. There are examples for ASP, ColdFusion, C#, Delphi, .NET, Java, Perl, PHP, PostgreSQL, Python, Ruby, and Schema… what, no COBOL?!

Their core recommendations are sound:

  • Do not create SQL statements that include outside data.
  • Use parameterized SQL calls.
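To show what those two recommendations buy you, here is an added example (my own code, not from bobby-tables.com or this post) that runs the xkcd payload and a tautology against a string-built query and a parameterized one, using Python's built-in sqlite3 module on an in-memory database. The Students table and its rows are constructed for the demo; the vulnerable insert uses executescript, by assumption, to mimic drivers that accept several statements in one call.

```python
import sqlite3

# Constructed sample data for this example (not from bobby-tables.com).
SEED_ROWS = [("Robert", 2023), ("Alice", 2024), ("Mallory", 2022)]

# The classic xkcd payload, and a tautology that turns a lookup into "return everything".
BOBBY = "Robert'); DROP TABLE Students;--"
TAUTOLOGY = "x' OR '1'='1"


def fresh_db():
    """In-memory SQLite database with a small, constructed Students table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Students (name TEXT, year INTEGER)")
    conn.executemany("INSERT INTO Students VALUES (?, ?)", SEED_ROWS)
    conn.commit()
    return conn


def students_table_exists(conn):
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type = 'table' AND name = 'Students'"
    ).fetchone()
    return row[0] == 1


def find_student_vulnerable(conn, name):
    # Builds the SQL text from outside data: exactly what the site says not to do.
    # The quotes in `name` are parsed as SQL, so the caller controls the WHERE clause.
    sql = "SELECT name, year FROM Students WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def find_student_safe(conn, name):
    # Parameterized: the SQL text is constant and `name` travels as a bound value.
    # A name containing quotes or keywords is compared literally, never parsed.
    return conn.execute(
        "SELECT name, year FROM Students WHERE name = ?", (name,)
    ).fetchall()


def add_student_vulnerable(conn, name):
    # executescript is used here (an assumption for the demo) to mimic drivers that
    # accept stacked statements in one call; sqlite3's execute() would reject the
    # second statement, which hides the bug without fixing it.
    sql = "INSERT INTO Students (name) VALUES ('%s');" % name
    conn.executescript(sql)


def add_student_safe(conn, name):
    # Same insert with a placeholder: Bobby becomes a student with an odd name.
    conn.execute("INSERT INTO Students (name) VALUES (?)", (name,))
    conn.commit()


def demo():
    """Runs both versions against both payloads and returns what each one did."""
    results = {}

    conn = fresh_db()
    results["tautology_vulnerable"] = len(find_student_vulnerable(conn, TAUTOLOGY))
    results["tautology_safe"] = len(find_student_safe(conn, TAUTOLOGY))

    add_student_vulnerable(conn, BOBBY)
    results["table_after_vulnerable_insert"] = students_table_exists(conn)

    conn = fresh_db()
    add_student_safe(conn, BOBBY)
    results["table_after_safe_insert"] = students_table_exists(conn)
    results["bobby_row"] = find_student_safe(conn, BOBBY)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The string-built lookup returns all three rows for the tautology and the string-built insert drops the table; the parameterized versions return nothing for the tautology and store Bobby as a student whose name happens to contain a semicolon and a DROP. Note that the safe path does no escaping or validation of its own: the value never becomes part of the statement the database parses, which is the whole point of the second recommendation.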

Useful resource. Just thought I’d share.
