injection (1,939)


Catching SQL Injection and other Malicious Web Requests


I am looking for a tool that can detect malicious requests (such as obvious SQL injection gets or posts) and will immediately ban the IP address of the requester/add to a blacklist. I am aware that i…


mysql - What do I need to escape when sending a query?

When you execute a SQL query, you have to clean your strings or users can execute malicious SQL on your website. I usually just have a function escape_string(blah), which: Replaces escapes (\) with…



oop - What is Inversion of Control?

Inversion of Control (or IoC) can be quite confusing when it is first encountered. What is it? Which problem does it solve? When is it appropriate to use and when not?…


ruby on rails - How Do You Secure database.yml?

Within Ruby on Rails applications database.yml is a plain text file that stores database credentials. When I deploy my Rails applications I have an after deploy callback in my Capistrano recipe that…


c# - Which .NET Dependency Injection frameworks are worth looking into?

Which C#/.NET Dependency Injection frameworks are worth looking into? And what can you say about their complexity and speed.…


Code Injection With C#

Can you use Windows hooks or other methods to do code injection with C#? I've seen lots of things about code injection but all of them are done in C/C++. I don't know either of those languages and ha…


javascript - Dynamically display Edit Control Block menu item in SharePoint

I am trying to set up dynamic per-item menus (Edit Control Block) in SharePoint 2007. My goal is to have certain features that are available based on the current user's group membership. I know that…


What's the best way of cleaning up after a SQL Injection?

I've been tasked with the maintenance of a nonprofit website that recently fell victim to a SQL injection attack. Someone exploited a form on the site to add text to every available text-like fie…


php - How do you manage SQL Queries

At the moment my code (PHP) has too many SQL queries in it. e.g. ... // not a real example, but you get the idea... $results = $db->GetResults("SELECT * FROM sometable WHERE iUser=$userid"); if($result…


Best way to avoid code injection in PHP

My website was recently attacked by, what seemed to me as, an innocent code: <?php if(isset( $_GET['page'])){include( $_GET['page'].".php");}else{include("home.php");}?>…



