I just started learning SQL for the sake of trying to prevent SQL injections in existing code, and this explaining the concept of what SQL injection is, and common ways to prevent it! Thank you! Now I only need to know what the steps of creating prepared statements entail.
Thank you so much, sir. I came here to understand parameterized data queries. I didn't understand this concept at all. Thank you so much for clearing this up for me!
Loved how you explained everything but am confused about the escape all user supplied input point. It would have been great if you would’ve given some more examples on that!
Escaping user input is the least effective way. Best practice would be to use one of the other two methods.
Escaping user input is to sanitize the input so the SQL code does not see text with trailing SQL logic, but just a string.
nice information
This video was super helpful. Thank you
i really liked the video but my website is vulnerable to havij/sqli dumper so how to prevent it from the tools like them?
thank you for amazing video
Is there a difference between mitigating and taking countermeasures?
great video
How to solve it if Fortify reports SQL injection on a JdbcTemplate statement?
Ping me for the complete project(SQL Injection Detection and Prevention), Code, execution, PPT and Documentation
Can be used for your college academic project.
Project available(Charged)
How to contact?
@nomads1895 contact: projectscomputerscience@@t
I'm skeptical because of this like to dislike ratio. It's worse than you think.
I am a noob coder but idk how I learned to prevent sql injection 😂
@Amee Eary No thanks 👍
@Dawson Dylan stfu bot, that's an illegal site
What character was escaped in last example?
I'm not sure, but I think you should parse/convert the entire input from the user to a string, in this case.
This comment might be late, but in case you still didn't get the answer, the ' character is escaped. Can probably do this with a regex to escape '.
I didn't understand the last page, "Prevention".
Not sure if it's too late, but the first 2 preventions revolve around the keyword "parameterize". If you parameterize an input, that input is read as an entire string inside the DB. Example:
-- You declare a SQL variable
declare @username varchar(max) = 'Select * from user'
-- Actual query
select * from UserList where @username = 'adminGuy'
In the above case you will be comparing with the condition @username = 'adminGuy', a.k.a. 'Select * from user' = 'adminGuy', which is false. Hence it won't return any result.
As for the last one, it basically escapes all ' characters. Maybe with a regex.
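To show the point this comment makes (a parameterized input is compared as one whole string, and the escaping option only doubles the ' characters), here is an added example that is not from the video or from any commenter. It uses Python's built-in sqlite3 with a constructed UserList table; the crafted input, the role column and the function names are assumptions made for the demo.

```python
import sqlite3


def make_db():
    # Constructed in-memory sample table for the demo (not from the video).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserList (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO UserList VALUES (?, ?)",
                     [("adminGuy", "admin"), ("bob", "user")])
    return conn


def lookup_concat(conn, username):
    # Vulnerable form: the input is pasted into the SQL text, so a quote
    # inside it ends the string literal and the rest becomes SQL logic.
    sql = f"SELECT username FROM UserList WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def lookup_param(conn, username):
    # Parameterized form: the driver sends the value separately from the
    # query text, so whatever it contains is compared as one string.
    sql = "SELECT username FROM UserList WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def escape_quotes(username):
    # The "escape all user input" option: double every single quote so the
    # database reads it as a literal character. This only covers the quoted
    # string context, which is why parameterizing is preferred.
    return username.replace("'", "''")


def lookup_escaped(conn, username):
    escaped = escape_quotes(username)
    sql = f"SELECT username FROM UserList WHERE username = '{escaped}'"
    return [row[0] for row in conn.execute(sql)]


# Constructed input that closes the quote and appends an always-true clause.
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", lookup_concat(db, CRAFTED))   # every row leaks
    print("parameterized:", lookup_param(db, CRAFTED))    # no row matches
    print("escaped      :", lookup_escaped(db, CRAFTED))  # no row matches
```

Running it prints every user for the concatenated query and an empty list for the other two, which is the "'Select * from user' = 'adminGuy' is false" behaviour described above.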
good hearted user, seriously ? haha