How to prevent SQL injection

Filtering prohibited symbols

One protection option is black-list filtering: invalid characters, for example single and double quotes (', "), are either stripped from the input or cause it to be rejected. This method is not suitable for real applications because it also rejects legitimate data. Suppose there is a table "users" in which the system's clients are stored with a field "name". If a user named D'Artagnan tries to register, that name will not pass the check and the user will not be able to use the system.
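The following added example (not code from the course) contrasts the quote-stripping black list described above with the standard alternative this section does not show, a parameterized query: the filter rejects "D'Artagnan", while the parameterized INSERT stores the name intact because the driver keeps the value separate from the SQL text. The table and sample names are constructed for the demonstration; it runs on an in-memory SQLite database.

```python
import sqlite3

# Characters the naive black-list filter refuses (the approach criticised above).
FORBIDDEN = {"'", '"'}


def blacklist_accepts(name: str) -> bool:
    """Return True if the name contains none of the forbidden characters."""
    return not any(ch in FORBIDDEN for ch in name)


def register_user(conn: sqlite3.Connection, name: str) -> int:
    """Insert a user with a parameterized query.

    The '?' placeholder is bound by the driver, so quotes inside the
    name are treated as data and never become part of the SQL statement.
    """
    cur = conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    conn.commit()
    return cur.lastrowid


def find_user(conn: sqlite3.Connection, name: str):
    """Look the user up again, also with a bound parameter."""
    row = conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def demo() -> dict:
    """Run both approaches over constructed sample names.

    Returns {name: (blacklist_accepts, stored_name)} so the outcomes can be checked.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    results = {}
    for name in ["D'Artagnan", 'Robert "Bob" Smith', "Alice"]:  # constructed inputs
        register_user(conn, name)
        results[name] = (blacklist_accepts(name), find_user(conn, name))
    conn.close()
    return results


if __name__ == "__main__":
    for name, (accepted, stored) in demo().items():
        print(f"{name!r}: black list accepts={accepted}, stored as {stored!r}")
```

Only "Alice" passes the black list, yet all three names are stored and retrieved exactly as typed through the parameterized queries.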

This page is part of the Web-security course.
