On Sat, May 18, 2013 at 5:13 PM, Philip Green <[email protected]> wrote:
> Hello PaulDotCom mailing list!
>
> I have a group of programmers working on a site and really, I know more
> about breaking into stuff than defending.
>
> What do you guys think the most important thing(s) to tell programmers
> when they are coding a database to try and prevent SQL injection
> attacks occurring?
>
> Any website links would really help as well.
>
> Thanks in advance.
>

Trust no user input, whatsoever. E.g.: if you are expecting a number, and it's not a number, start a fire and burn the client computer :)

But, to stay on topic w.r.t. the message subject, I'll suggest you have a look at:
https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

In general, if you have the time, check out the rest of owasp.org. It is sure to prove to have a lot of value to you.

Have fun.

--
Regards
Leon Jacobs
Sent using electronic mail ツ
_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
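The advice in the reply above ("if you are expecting a number, and it's not a number", reject it) is shown here next to a bound query parameter, as an added example that is not code from either poster or from OWASP. It uses Python's standard `sqlite3` module; the table, the function names and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data in an in-memory database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [(1, "alice"), (2, "bob"), (3, "root")])
    return db

def lookup_vulnerable(db, raw_id):
    # Anti-pattern: request text is concatenated into the SQL statement,
    # so the database parses it as SQL instead of as a value.
    return db.execute("SELECT name FROM users WHERE id = " + raw_id).fetchall()

def parse_id(raw_id):
    # Allow-list validation: ASCII digits only, bounded length.
    # isascii() matters: str.isdigit() alone also accepts characters
    # such as the superscript "²", which int() then rejects.
    if (not isinstance(raw_id, str) or not raw_id.isascii()
            or not raw_id.isdigit() or len(raw_id) > 9):
        raise ValueError("id must be a number")
    return int(raw_id)

def lookup_safe(db, raw_id):
    # Validate first, then pass the value as a bound parameter so it is
    # never part of the SQL text, whatever it contains.
    return db.execute("SELECT name FROM users WHERE id = ?",
                      (parse_id(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for raw in ["2", "1 OR 1=1", "²"]:
        try:
            print(repr(raw), "->", lookup_safe(db, raw))
        except ValueError as err:
            print(repr(raw), "-> rejected:", err)
    # The same non-numeric input changes the meaning of the unsafe query.
    print("vulnerable:", lookup_vulnerable(db, "1 OR 1=1"))
```

Validation and parameter binding are complementary: binding keeps the value out of the SQL text, and validation rejects malformed input before it reaches the database at all.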
