Last time in our web app input sanitization series, we looked at unsanitized input used as part of an HTML tag or attribute. This entry focuses on sanitizing data that ends up in SQL queries.

Case 3: Sanitizing SQL Query Data

The basic SQL injection attack takes advantage of improper sanitization to run attacker-supplied SQL against the database: user-controlled text is spliced into the query string, so quote characters and SQL keywords in that text become part of the query's syntax instead of data. This can lead to data being read, modified or deleted, and ultimately to the database being compromised.
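The following is an added example, not code from the original series: the vulnerable pattern (string concatenation) beside the hardened one (a prepared statement with a bound parameter), run against an in-memory SQLite database through PDO so it works offline. It assumes the pdo_sqlite extension is loaded; the table, the rows and the payload are constructed for the demo.

```php
<?php
// Added example, not part of the original series. Demonstrates SQL injection
// through string concatenation versus a parameterized query. Uses an in-memory
// SQLite database via PDO (assumes the pdo_sqlite extension is available).

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)');
// Constructed sample data.
$pdo->exec("INSERT INTO users (username, role) VALUES ('alice', 'admin'), ('bob', 'user')");

// VULNERABLE: the user-controlled value is spliced into the SQL text, so any
// quote characters it contains are parsed as part of the query's syntax.
function findUserUnsafe(PDO $pdo, string $username): array
{
    $sql = "SELECT id, username, role FROM users WHERE username = '$username'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// SAFE: the value travels as a bound parameter. The database receives the
// query structure and the data separately, so the input is never parsed as SQL.
function findUserSafe(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare('SELECT id, username, role FROM users WHERE username = :username');
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed classic tautology payload. In the unsafe function the WHERE
// clause becomes:  username = '' OR '1'='1'  which is true for every row.
$payload = "' OR '1'='1";

echo "unsafe rows for payload: " . count(findUserUnsafe($pdo, $payload)) . "\n";
echo "safe rows for payload:   " . count(findUserSafe($pdo, $payload)) . "\n";
echo "safe rows for 'alice':   " . count(findUserSafe($pdo, 'alice')) . "\n";
```

Running it shows the unsafe lookup returning every user for the payload while the parameterized lookup returns none (there is no user literally named `' OR '1'='1`), and the legitimate `alice` lookup still works. Two caveats a practitioner should keep in mind: with the MySQL PDO driver, set `PDO::ATTR_EMULATE_PREPARES` to `false` so the statement is prepared by the server rather than client-side string substitution; and only values can be bound, so table or column names, `ORDER BY` directions and similar query fragments taken from input must be checked against an allowlist, not escaped. Escaping functions such as `PDO::quote()` or `mysqli_real_escape_string()` are a fallback for legacy code, not a substitute for prepared statements.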
Tag: Sanitizing Input in Web Apps
In Part 1 of our web app input sanitization series, we looked at unsanitized user-controlled data inserted directly into the HTML body of a page. This entry focuses on a more specific case: user-controlled data placed inside attributes of HTML tags, where the attribute's quoting determines what an attacker needs to break out.
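As an added example (not code from the original series), here is the attribute case in PHP: the same user-controlled value rendered into an `<input value="...">` attribute unencoded, encoded with `htmlspecialchars()` and `ENT_QUOTES`, and encoded with the function's default flags inside a single-quoted attribute. The payloads are constructed for the demo.

```php
<?php
// Added example, not part of the original series. Shows why attribute context
// needs both quoting and quote-aware encoding. Payloads are constructed.

// Payload aimed at a double-quoted attribute: closes value="" and adds an
// event handler.
$doubleQuotePayload = '" onmouseover="alert(1)';
// Same idea for a single-quoted attribute.
$singleQuotePayload = "' onmouseover='alert(1)";

// VULNERABLE: the value is concatenated straight into the attribute.
function renderUnsafe(string $value): string
{
    return '<input type="text" name="q" value="' . $value . '">';
}

// SAFE: quoted attribute plus htmlspecialchars() with ENT_QUOTES, so both
// " and ' are encoded and the attribute cannot be closed early.
function renderSafe(string $value): string
{
    return '<input type="text" name="q" value="'
        . htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '">';
}

// PITFALL: before PHP 8.1 the default flags are ENT_COMPAT | ENT_HTML401,
// which leave the single quote untouched. Inside a single-quoted attribute
// the payload still breaks out. Since PHP 8.1 the default includes
// ENT_QUOTES, but passing it explicitly works on every version.
function renderSingleQuotedDefaultFlags(string $value): string
{
    return "<input type='text' name='q' value='" . htmlspecialchars($value) . "'>";
}

echo renderUnsafe($doubleQuotePayload), "\n";
echo renderSafe($doubleQuotePayload), "\n";
echo renderSafe($singleQuotePayload), "\n";
echo renderSingleQuotedDefaultFlags($singleQuotePayload), "\n";
```

The first line of output contains a live `onmouseover` handler; the `ENT_QUOTES` versions keep the whole payload inside the attribute value as `&quot;` or `&#039;` entities. The last line depends on the PHP version, which is exactly why the flags should be passed explicitly. Two further points apply regardless of encoding: never emit an unquoted attribute (`value=` followed by the raw value), because a space in the input ends the attribute even when every quote is encoded; and `htmlspecialchars()` only covers ordinary attributes, not attributes whose value is interpreted as a URL (`href`, `src`) or as script (`onclick`), which need their own validation.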
Most XSS and SQL injection vulnerabilities are due to user-controlled input reaching HTML or SQL without being sanitized or encoded for that context. Handling such data correctly is vitally important to the security of a website or web application. This series of blog posts examines several input sanitization cases within a PHP environment (raw data in the page body, data within attribute fields, data in database queries, etc.). It assumes you know a bit about writing PHP code, since we will be using some PHP functions. However, the general ideas we cover apply to all dynamic web apps, regardless of the platform on which they are built. Note: There are ways to clean MOST input data by simply using special libraries or a series of functions. However,[…]