SQL Injection

[N-Bomb(Nerd)]

Is SQL injection only a problem if you are outputting data? With my script it's only adding information to the database.. never pulling anything from it. Do I still have to worry about sql injection?

[Maq]

Is SQL injection only a problem if you are outputting data? With my script it's only adding information to the database.. never pulling anything from it. Do I still have to worry about sql injection?

 

You sure do.

[Fruct0se]

You can dowload "sql inject me" for firefox if you want to test your site for possible injections.

[gizmola]

Any place you take data that comes from a foreign source, sql injection is a possibiity. 

[iarp]

You can dowload "sql inject me" for firefox if you want to test your site for possible injections.

 

I'm weiry about this addon. One of my scripts that only i can access as a test-bed application has 0 protection and the addon reports everythings fine. I tweaked the script so that at least 1 item should fail and trip some type of warning but it reported pass as well. So eithor its a bad addon or i unno whatelse.

[br3nn4n]

You most certainly have the possibility of sql injection- it happens when you're inputting data, NOT when you're outputting it.

 

You are in the situation of being most open to injection

[Mchl]

You most certainly have the possibility of sql injection- it happens when you're inputting data, NOT when you're outputting it.

 

Actually, sql injection can occur whenever there's user submitted data in the query. It doesn't matter if it's INSERT or SELECT.