What pages are vulnerable to SQL injection?

I believe I understand the basics of SQL injection. I also know using prepared statements with PHP files is the best way to prevent SQL injection. I was always told that SQL injection happens most commonly when an attacker inputs valid SQL commands inside form data fields or file input fields on a public facing site.

However, if I have PHP files on my site that can only be accessed by an authenticated user, is it still 100% necessary to use prepared statements?

Also, what about SQL queries that don't require any outside user data to run?

Something like:

SELECT * FROM tableName

If I'm not passing any variables to a query is it still vulnerable to SQL injection?

Austin
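
Added example, not part of the original question: a PHP sketch of the three cases the question raises (a fixed query with no variables, a concatenated query on a login-only page, and the same lookup with a prepared statement). The `notes` table, its rows, the function names and the sample input are assumptions made for illustration; it uses PDO with an in-memory SQLite database.

```php
<?php
// Added example. Requires the pdo_sqlite extension; all data is constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE notes (owner TEXT, body TEXT)");
$db->exec("INSERT INTO notes VALUES ('alice', 'groceries'), ('bob', 'private note')");

// Case 1: fixed query text with no variables. No request data reaches the
// SQL string, so there is nothing for injection to act on.
function listAll(PDO $db): array {
    return $db->query("SELECT owner, body FROM notes")->fetchAll(PDO::FETCH_ASSOC);
}

// Case 2 (deliberately vulnerable): the page sits behind a login, but $body
// still comes from the request. A quote inside it ends the string literal
// and the remainder is parsed as SQL, whoever the logged-in user is.
function findNoteConcat(PDO $db, string $sessionUser, string $body): array {
    $sql = "SELECT owner, body FROM notes "
         . "WHERE owner = '$sessionUser' AND body = '$body'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Case 3: the same lookup with a prepared statement. The values are bound
// as data after the statement is parsed, so they cannot change its structure.
function findNotePrepared(PDO $db, string $sessionUser, string $body): array {
    $stmt = $db->prepare("SELECT owner, body FROM notes WHERE owner = ? AND body = ?");
    $stmt->execute([$sessionUser, $body]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed input, as submitted by the authenticated user "alice".
$input = "x' OR 'a'='a";

printf("fixed query:          %d row(s)\n", count(listAll($db)));
printf("concatenated lookup:  %d row(s)\n", count(findNoteConcat($db, 'alice', $input)));
printf("prepared lookup:      %d row(s)\n", count(findNotePrepared($db, 'alice', $input)));
printf("prepared, real value: %d row(s)\n", count(findNotePrepared($db, 'alice', 'groceries')));

// Rows owned by someone other than alice that the concatenated lookup returned.
foreach (findNoteConcat($db, 'alice', $input) as $row) {
    if ($row['owner'] !== 'alice') {
        printf("concatenated lookup exposed a row owned by %s\n", $row['owner']);
    }
}
```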