SCC

Reputation: 509

MySQL Database Attacks Other Than SQL Injection

I am using mysqli prepared statements and bound variables.

  1. Then, to prevent SQL injection, do I need to do anything else (e.g. data type validation, filtering, sanitizing, string escaping, etc.) with user input?

  2. Is there any other way of attacking a MySQL database other than SQL injection?

Upvotes: 3

Views: 760

Answers (1)

Your Common Sense

Reputation: 157889

To prevent SQL injection you have to format your query properly.
Every literal that has to be added to the query dynamically has to be properly formatted.
Not only data literals like strings and numbers, but all of them, including operators and identifiers. The only proper way to format values is prepared statements.

For identifiers and operators you will also need filtering, to let only allowed ones into the query.

Whether it is user input or not should not matter at all. It's the destination, not the source, that matters.

Is there any other way of attacking a MySQL database other than SQL injection?

Sure thing. But the topic is too broad to make you secure by means of a forum post. Better hire a DBA.

Upvotes: 2
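The two rules from the answer above, side by side, as an added example (not code from the original post): data literals go through mysqli prepared statement placeholders, while the column name and sort direction, which cannot be bound, are matched against a fixed allowed list. The `products` table, its columns and the connection details are assumptions.

```php
<?php
// Added example: a table `products` with columns id, name, price, created_at
// is assumed. Values are bound; identifiers and operators are whitelisted.
declare(strict_types=1);

// Make mysqli throw on errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Return $candidate only if it is one of the allowed values, otherwise throw. */
function whitelist(string $candidate, array $allowed): string
{
    if (!in_array($candidate, $allowed, true)) {
        throw new InvalidArgumentException("Value not permitted: $candidate");
    }
    return $candidate;
}

function searchProducts(mysqli $db, string $term, string $orderBy, string $direction, int $limit): array
{
    // Identifiers (column name) and operators/keywords (ASC/DESC) cannot be
    // placeholders, so they are taken from a fixed list, never from the input verbatim.
    $orderBy   = whitelist($orderBy, ['name', 'price', 'created_at']);
    $direction = whitelist(strtoupper($direction), ['ASC', 'DESC']);

    // Data literals are placeholders; the driver sends them separately from the SQL text.
    $sql = "SELECT id, name, price FROM products
            WHERE name LIKE ? ORDER BY `$orderBy` $direction LIMIT ?";
    $stmt = $db->prepare($sql);

    // The wildcard is added here; note that % and _ inside $term still act as
    // LIKE wildcards (a matching issue, not an injection).
    $like = '%' . $term . '%';
    $stmt->bind_param('si', $like, $limit);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

// Usage with assumed connection details; unknown sort keys raise an exception
// rather than reaching the query.
// $db   = new mysqli('localhost', 'app_user', 'app_password', 'shop');
// $rows = searchProducts($db, $_GET['q'] ?? '', $_GET['sort'] ?? 'name', $_GET['dir'] ?? 'ASC', 20);
```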
