What do u know about structured query language

  • Intercept with php

    Votes: 2 28.6%
  • Much

    Votes: 2 28.6%
  • Much more

    Votes: 4 57.1%
  • Much more

    Votes: 2 28.6%

  • Total voters
    7

mud-oil-chafu

JF-Expert Member
Dec 27, 2020
330
500
SQL Injection (SQLi) is a type of an injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures. They can go around authentication and authorization of a web page or web application and retrieve the content of the entire SQL database. They can also use SQL Injection to add, modify, and delete records in the database.

An SQL Injection vulnerability may affect any website or web application that uses an SQL database such as MySQL, Oracle, SQL Server, or others. Criminals may use it to gain unauthorized access to your sensitive data: customer information, personal data, trade secrets, intellectual property, and more. SQL Injection attacks are one of the oldest, most prevalent, and most dangerous web application vulnerabilities. The OWASP organization (Open Web Application Security Project) lists injections in their OWASP Top 10 2017 document as the number one threat to web application security.
 

mzizi1

Member
Oct 9, 2017
86
150
Use of latest technology, Use of Frameworks, improve security measures can reduce/prevent SQL injection.

Language: Python
Framework: Django- Framework
Database: Postgress

No SQL injection at all
 

mud-oil-chafu

JF-Expert Member
Dec 27, 2020
330
500
Use of latest technology, Use of Frameworks, improve security measures can reduce/prevent SQL injection.

Language: Python
Framework: Django- Framework
Database: Postgress

No SQL injection at all
Is the python language in back end dvlp
 

mzizi1

Member
Oct 9, 2017
86
150
Is the python language in back end dvlp
Yeah sure, Python (Django-Framework) enables you to develop almost the entire system using only one Language (Python), starting from Database design (use of Models), developing system logics, also display output to the user (Django Template Language),
Once you use python Framework, you won't use Structured Query Language, hence No SQL injection at all
 

mzizi1

Member
Oct 9, 2017
86
150
Yeah sure, Python (Django-Framework) enables you to develop almost the entire system using only one Language (Python), starting from Database design (use of Models), developing system logics, also display output to the user (Django Template Language),
Once you use python Framework, you won't use Structured Query Language, hence No SQL injection at all
The latest Very Higher Level Language and most marketable Language in the world. And Easiest Language to Learn is .py
 

mathsjery

JF-Expert Member
Sep 26, 2015
1,901
2,000
I was only concetrating on php and SQL for back end....but nshaamua lugha nlizosoma znatosha so python Sina tyme nayo
Kuna ukweli ndani yake hasa kama kazi za php ziko nyingi eneo lako mfano pia kwa freelancing unaweza specialize kama php developer.

Mimi nafikiri kama kuna level ya lugha kadhaa umefikia basi tumia hizo hizo labda kama kuna ulazima maana unaweza adapt swala la sql injection hata ufanye nini kama haujielewi bado unalo.

MK254
 

the great wizard

JF-Expert Member
Dec 21, 2015
1,463
2,000
Kuna module moja naiandika ya PDO kufanya db connection na ku run queries securely.
module itakua very save kutakua na functions unazi call kufanya connection and sanitization, filtering everything xss, SQLi
ntaituma hapa
 

the great wizard

JF-Expert Member
Dec 21, 2015
1,463
2,000
Use of latest technology, Use of Frameworks, improve security measures can reduce/prevent SQL injection.

Language: Python
Framework: Django- Framework
Database: Postgress

No SQL injection at all
Haha napenda MongoDb na NodeJs... But i swear php will still exist kama C alivosema Dennis Ritchie
 

mzizi1

Member
Oct 9, 2017
86
150
Degree yangu Ina C Programming, java, na PHP,
Python nimesoma mwenyewe bila kufundishia na mtu, coz nilikua naijua sana C Programming.

Hapa nilipoajiliwa nilipata nafasi kubwa kozi of additional skills ambayo ni Python na sasa tunadevelop project zote za organization kwa Python. Amini tu katika unachokifanya ila make sure ni sahihi
 

mathsjery

JF-Expert Member
Sep 26, 2015
1,901
2,000
What if:

PHP:
//Array yenye data zinazotakiwa tu
$nataka_hawa_tu = array('Mbwa', 'Paka', 'Mbuzi');

//Block inayo validate kilichoingia kupitia <option> tags na kulinganishwa na data ziizoko kwenye array
if(!in_array($_POST['viumbe'], $nataka_hawa_tu)) {
    $shida['viumbe'] = 'Weee!, embu chagua viumbe vinavyotakiwa tu';
}
//Baada ya hapo wanadefine variable inayochukua validated data
$kilichopita = $_POST['viumbe'];

//Mwisho wanaingiza kwenye database
$unganisha = new Unganisha;
$hifadhi = $unganisha -> prepare('INSERT INTO viumbe (kiumbe) VALUES (?)');
$hifadhi -> execute([$kilichopita]);
 

the great wizard

JF-Expert Member
Dec 21, 2015
1,463
2,000
What if:

PHP:
//Array yenye data zinazotakiwa tu
$nataka_hawa_tu = array('Mbwa', 'Paka', 'Mbuzi');

//Block inayo validate kilichoingia kupitia <option> tags na kulinganishwa na data ziizoko kwenye array
if(!in_array($_POST['viumbe'], $nataka_hawa_tu)) {
    $shida['viumbe'] = 'Weee!, embu chagua viumbe vinavyotakiwa tu';
}
//Baada ya hapo wanadefine variable inayochukua validated data
$kilichopita = $_POST['viumbe'];

//Mwisho wanaingiza kwenye database
$unganisha = new Unganisha;
$hifadhi = $unganisha -> prepare('INSERT INTO viumbe (kiumbe) VALUES (?)');
$hifadhi -> execute([$kilichopita]);
Code:
<?php
/*
PDO CONNECTION
Written By thegreatwizard
*/
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'mydb';
try{
$DBH = new PDO("mysq:host=$host;dbname=$db", $user, $pass);
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$name = 'juma'; $addr = 'Kisutu';
$STH ->prepare('INSERT INTO users (name, addr)');
$STH->bindParam(1, $name); $STH->bindParam(1, $arr);
$STH->execute();
}catch(PDOException $E){


file_put_contents('log.html', $E->getMessage(), FILE_APPEND);

}

?>
 

mathsjery

JF-Expert Member
Sep 26, 2015
1,901
2,000
Code:
<?php
/*
PDO CONNECTION
Written By thegreatwizard
*/
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'mydb';
try{
$DBH = new PDO("mysq:host=$host;dbname=$db", $user, $pass);
$DBH->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$name = 'juma'; $addr = 'Kisutu';
$STH ->prepare('INSERT INTO users (name,addr)');
$STH->bindParam(1, $name); $STH->bindParam(1, $arr);
$STH->execute();
}catch(PDOException $E){


file_put_contents('log.html', $E->getMessage(), FILE_APPEND);

}

?>
Umerefusha code zako mkuu na pia zina error hukuwa na haja ya kubind parametor in old way kuna mahali utumika ila what if you do the same as me and do not forget your database connection.


Code:
$STH = $DBH ->prepare('INSERT INTO users (name, addr) VALUES(?,?)'); //Add placeholder and execute those value(remember to filter them before execution
$STH->execute([$name, $addr]);//it is enought
 

Msafiri Kasian

JF-Expert Member
Sep 9, 2011
2,066
2,000
Sah, nyie jamaa mnanitamanisha sana yaani na hizi programming skills. Binafsi nina knowledge kidogo na C, C++ na Paschal programming languages, vipi muongozo niendelee vipi? Natamani kuwa programmer mzuri.
 

ablekats619

Member
Aug 11, 2020
31
125
What if:

PHP:
//Array yenye data zinazotakiwa tu
$nataka_hawa_tu = array('Mbwa', 'Paka', 'Mbuzi');

//Block inayo validate kilichoingia kupitia <option> tags na kulinganishwa na data ziizoko kwenye array
if(!in_array($_POST['viumbe'], $nataka_hawa_tu)) {
    $shida['viumbe'] = 'Weee!, embu chagua viumbe vinavyotakiwa tu';
}
//Baada ya hapo wanadefine variable inayochukua validated data
$kilichopita = $_POST['viumbe'];

//Mwisho wanaingiza kwenye database
$unganisha = new Unganisha;
$hifadhi = $unganisha -> prepare('INSERT INTO viumbe (kiumbe) VALUES (?)');
$hifadhi -> execute([$kilichopita]);
so long as your query has (?) your vulnerable to sql injectionn
 

Toa taarifa ya maudhui yasiyofaa!

Kuna taarifa umeiona humu JamiiForums na haifai kubaki mtandaoni?
Fanya hivi...

Umesahau Password au akaunti yako?

Unapata ugumu kuikumbuka akaunti yako? Unakwama kuanzisha akaunti?
Contact us

Top Bottom