Wednesday, July 11, 2007
How to NOT protect your site against SQL injection
Parameterized queries? Input validation? Pfft. Really secure sites don't need that kind of nonsense to protect against SQL injection attacks. They just kindly ask that you avoid submitting values like "SELECT FROM" or "DROP".
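An added example, not part of the original post, showing why the approach mocked above fails: a blocklist built from the two phrases the post quotes still lets a quote-based tautology rewrite the query and also rejects a legitimate name, while a bound parameter handles both correctly. The table, sample rows and function names are assumptions constructed for illustration.

```python
import sqlite3

# The phrases the post quotes as "please don't submit these".
BLOCKED = ("SELECT FROM", "DROP")


def make_db():
    """In-memory database with constructed sample rows (assumed schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, secret TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "a-secret"), ("bob", "b-secret"), ("Dropbox Dave", "c-secret")],
    )
    return db


def blocklist_ok(value):
    """Keyword blocklist: accept input unless it contains a listed phrase."""
    upper = value.upper()
    return not any(phrase in upper for phrase in BLOCKED)


def lookup_concatenated(db, name):
    """Blocklist plus string concatenation: the input still becomes SQL text."""
    if not blocklist_ok(name):
        raise ValueError("rejected by blocklist")
    query = "SELECT secret FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]


def lookup_parameterized(db, name):
    """Bound parameter: the input is only ever compared as data."""
    rows = db.execute("SELECT secret FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    tautology = "x' OR '1'='1"   # constructed input containing no blocked phrase
    print("blocklist accepts it:", blocklist_ok(tautology))
    print("concatenated query returns:", lookup_concatenated(db, tautology))
    print("parameterized query returns:", lookup_parameterized(db, tautology))
    print("blocklist accepts 'Dropbox Dave':", blocklist_ok("Dropbox Dave"))
    print("parameterized lookup:", lookup_parameterized(db, "Dropbox Dave"))
```
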
Labels: sql injection, web-app security