C++ SQLI Vulnerabilities?

So I am creating this program kind of as a self-enjoyment and learning experience, so this is not necessary, but later on, if I have to apply this to real-world programming situations, then what will I do?
So I am making a login for a C++ application, and from my knowledge of drifting the interwebs I realize how easy it would be to SQLi!!!
This is my code **Datasource etc. blanked out for obvious reasons lol**
		String^ constring = L"datasource=.com;port=3306;username=;password=";
		MySqlConnection^ conDatabase = gcnew MySqlConnection(constring);
		// Injection point: both text boxes are pasted straight into the SQL text.
		MySqlCommand^ cmdDatabase = gcnew MySqlCommand("select * from database.logins where user_name='" + this->textBox1->Text + "' and password='" + this->textBox2->Text + "';", conDatabase);
		MySqlDataReader^ myReader;
		try {
			conDatabase->Open();
			myReader = cmdDatabase->ExecuteReader();
		}
		catch (MySqlException^ ex) { MessageBox::Show(ex->Message); }
		finally { conDatabase->Close(); }

So what I realize is that all this does is execute a query, so if someone puts DROP TABLE * or whatever (I'm not the best on-my-feet SQL thinker) then it will execute that and chaos ensues!
So I am wondering: (1.) Am I wrong about the easy chance of SQLi? (2.) Is there a way to prevent against this? (3.) Am I just using an old, outdated, vulnerable-af login method?
One way to prevent SQL injection is to use MySqlCommand.Parameters instead of inserting the user input into the SQL string.
https://dev.mysql.com/doc/dev/connector-net/html/P_MySql_Data_MySqlClient_MySqlCommand_Parameters.htm

http://www.4guysfromrolla.com/webtech/061902-1.shtml
It might also be worth checking the input for words like drop, delete, etc.
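Added example (editor's code, not from the original poster or either reply): the login from the question rewritten in C++/CLI to use MySqlCommand.Parameters as the first reply suggests. The connection string, table and column names are taken from the original snippet; the CheckLogin function name and the exactly-one-row rule are my own choices. The constructed password value in the comment at the end is there as the check a practitioner would want against the second reply's keyword-filter idea: it contains neither "drop" nor "delete", yet pasted into the original concatenated query it turns the WHERE clause into `(user_name='x' and password='') OR 'a'='a'`, which matches every row. Passed as a parameter it is just a string that matches nothing.

```cpp-cli
// Added example, not code from the original post. Assumes the same Connector/NET
// reference and WinForms project the original snippet uses.
using namespace System;
using namespace System::Windows::Forms;
using namespace MySql::Data::MySqlClient;

// Returns true only if exactly one row matches the supplied user name and
// password. The two strings never become part of the SQL text: the connector
// sends them as parameter values, so quotes, comments and keywords inside
// them are data, not syntax.
bool CheckLogin(String^ userName, String^ password)
{
    // Connection string kept as blanked out in the original.
    String^ constring = L"datasource=.com;port=3306;username=;password=";
    MySqlConnection^ conDatabase = gcnew MySqlConnection(constring);

    // Named placeholders instead of string concatenation.
    MySqlCommand^ cmdDatabase = gcnew MySqlCommand(
        "select user_name from database.logins where user_name = @user and password = @pass;",
        conDatabase);
    cmdDatabase->Parameters->AddWithValue("@user", userName);
    cmdDatabase->Parameters->AddWithValue("@pass", password);

    bool found = false;
    try {
        conDatabase->Open();
        MySqlDataReader^ myReader = cmdDatabase->ExecuteReader();
        // First Read() must succeed and the second must fail: one row, no more.
        if (myReader->Read() && !myReader->Read()) {
            found = true;
        }
        myReader->Close();
    }
    catch (MySqlException^ ex) {
        MessageBox::Show(ex->Message);
    }
    finally {
        conDatabase->Close();
    }
    return found;
}

// Usage from the form's login button handler (textBox1 = user, textBox2 = password):
//   if (CheckLogin(this->textBox1->Text, this->textBox2->Text)) { /* logged in */ }
//
// Constructed test value, not a real attack on any real system: a password of
//   ' OR 'a'='a
// contains none of the blacklisted words but, concatenated as in the original
// query, makes the WHERE clause true for every row. Here it matches no row.
```

The exactly-one-row check is cheap insurance: even if the table somehow contained duplicate user names, the login would fail closed instead of accepting the first match. Comparing the plaintext password inside the query, as the original does, is a separate weakness from injection and is left as it is here so the example stays on the question asked.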