
I used this just today to demonstrate to our developers why their attempts to fix SQL injection via real_escape_string and regex weren't a good idea. Great tool.



Why wouldn't using real_escape_string help fix SQLi? Could you provide some examples?

I know prepared statements are the way to go, but proper escaping, even if tedious, seems to be OK for me.
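An added illustration of the point under discussion (example code written for this thread, not from either commenter): escaping only protects a value that sits inside a quoted string literal, and a numeric id is usually interpolated unquoted, so the escaper has nothing to act on, whereas a bound parameter is never parsed as SQL at all. The table, rows and inputs are constructed for the demo, and SQLite stands in for MySQL, so the stand-in escaper uses SQLite's doubled-quote convention instead of MySQL's backslash.

```python
import sqlite3

# Constructed sample data for the demo (not from the thread).
SAMPLE_USERS = [(1, "alice", 0), (2, "bob", 0), (3, "carol", 1)]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def escape_string(value: str) -> str:
    """Stand-in for real_escape_string: neutralise the quote character so it
    cannot terminate a quoted literal. SQLite doubles it, MySQL backslashes it;
    either way only quote characters are touched, nothing else is."""
    return value.replace("'", "''")


def names_by_id_escaped(conn: sqlite3.Connection, user_id: str) -> list:
    """The escape-then-concatenate pattern the thread argues against.
    The id is numeric, so the literal is not quoted: there is no quote for
    the escaper to act on and the raw input becomes part of the SQL text."""
    sql = "SELECT name FROM users WHERE id = " + escape_string(user_id) + " ORDER BY name"
    return [row[0] for row in conn.execute(sql)]


def names_by_id_bound(conn: sqlite3.Connection, user_id: str) -> list:
    """Prepared statement with a type check: the value is validated as an
    integer and then bound as data, so it can only be compared to the column,
    never interpreted as SQL grammar."""
    try:
        bound = int(user_id)   # an id must be an integer; reject anything else
    except ValueError:
        return []
    rows = conn.execute("SELECT name FROM users WHERE id = ? ORDER BY name", (bound,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    # Input that is valid text but changes the query's structure when unquoted.
    for lookup in (names_by_id_escaped, names_by_id_bound):
        print(lookup.__name__, lookup(db, "1"), lookup(db, "1 OR 1=1"))
```

Running it shows the escaped version returning every row for the second input while the bound version returns nothing, which is the difference between escaping a value and keeping it out of the SQL text entirely.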




