IMO - if we are discussing solely SQLi - the MOST important thing is to use parameterized queries. Then, validate user input (though that is important for way more than SQLi).
Depending on the language you are using and the RDBMS you are accessing there are different ways to parameterize queries, but they are typically easy and user friendly. Sometimes they can have a positive performance impact depending on the way the query optimizer works too. Guillaume On 2013-05-18, at 11:13 AM, Philip Green <[email protected]> wrote: > Hello PaulDotCom mailing list! > > I have a group of programmers working on a site and really, I know more about > breaking into stuff than defending. > > > What do you guys think the most important thing(s) to tell programmers when > they are coding a database to try and prevent SQL injection attacks occurring? > > > Any website links would really help as well. > > > Thanks in advance. > > > Philip Andrei Green > =) > _______________________________________________ > Pauldotcom mailing list > [email protected] > http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom > Main Web Site: http://pauldotcom.com
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Pauldotcom mailing list [email protected] http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
