Writing Secure Code
Any application that has the following pattern is at risk of SQL injection:
- Takes user input
- Does not check user input for validity
- Uses user-input data to query a database
- Uses string concatenation or string replacement to build the SQL query or uses the SQL exec command (or similar)