Reputation: 31
Is there any PL/SQL package which is already written to handle all the scenarios which prevents SQL injection? Please let me know if anyone is aware of such a package.
Thanks for your help
Upvotes: 1
Views: 203
Reputation: 198557
It sounds more like you want an ORM for applications that use the database more than a PostgreSQL package. Or at least encapsulate your code in a function to provide parameterization.
Think about it this way. SQL injection works by turning invalid input into malicious (but valid) SQL. How would the database be able to determine anything else as far as whether or not it's valid SQL? And if it could tell otherwise in all cases, why wouldn't it just do that by default instead of requiring you to use a certain package?
Upvotes: 0
Reputation: 31
Thanks for the reply. I am looking for a package that validates user inputs, like checks for only alphanumeric and special symbols, etc. It would be very helpful if a package exists to check all scenarios.
Upvotes: 0
Reputation: 4277
Just use prepared statements in PL/SQL. That will protect against SQL injections.
Upvotes: 4
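The bind-variable approach from the last answer, shown next to the concatenated form it replaces, as an added example that is not part of the original thread. The table `app_users`, its rows and the input string are constructed for illustration; `DBMS_ASSERT` is Oracle's supplied package for validating identifiers, which cannot be passed as bind variables.

```sql
-- Constructed demo table and rows (assumptions, not from the thread).
CREATE TABLE app_users (username VARCHAR2(30), is_admin CHAR(1));
INSERT INTO app_users VALUES ('alice', 'N');
INSERT INTO app_users VALUES ('root',  'Y');

SET SERVEROUTPUT ON
DECLARE
  -- Constructed input containing quote characters and SQL keywords.
  l_input VARCHAR2(100) := 'nobody'' OR ''1''=''1';
  -- Constructed table-name input that is not a plain identifier.
  l_table VARCHAR2(100) := 'app_users WHERE 1=1';
  l_count PLS_INTEGER;
BEGIN
  -- Weak: the input becomes part of the statement text and is parsed as SQL,
  -- so the WHERE clause is rewritten by whoever supplies l_input.
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM app_users WHERE username = ''' || l_input || ''''
    INTO l_count;
  DBMS_OUTPUT.PUT_LINE('concatenated match count: ' || l_count);

  -- Hardened: the statement text is fixed; the value is bound through USING
  -- and is only ever compared as data against the username column.
  EXECUTE IMMEDIATE
    'SELECT COUNT(*) FROM app_users WHERE username = :u'
    INTO l_count USING l_input;
  DBMS_OUTPUT.PUT_LINE('bound match count: ' || l_count);

  -- Static SQL in PL/SQL binds variables automatically; prefer it when the
  -- statement shape is known at compile time.
  SELECT COUNT(*) INTO l_count FROM app_users WHERE username = l_input;
  DBMS_OUTPUT.PUT_LINE('static SQL match count: ' || l_count);

  -- Table and column names cannot be bound. Validate them before
  -- concatenating; SIMPLE_SQL_NAME raises an error for anything that is
  -- not a single simple identifier.
  BEGIN
    EXECUTE IMMEDIATE
      'SELECT COUNT(*) FROM ' || DBMS_ASSERT.SIMPLE_SQL_NAME(l_table)
      INTO l_count;
  EXCEPTION
    WHEN OTHERS THEN
      DBMS_OUTPUT.PUT_LINE('identifier rejected: ' || SQLERRM);
  END;
END;
/
```

Run from SQL*Plus or SQLcl in a scratch schema; comparing the first two counts shows the difference between input parsed as SQL and input treated as a value.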