Friday, August 31, 2012

SQL Injection Myths and Fallacies by Bill Karwin pdf


Executing unintended SQL by interpolating dynamic content as part of your code:

    SELECT * FROM Bugs
    WHERE bug_id = $bug_id      -- $bug_id is user input

If that user input is the string "1234 OR TRUE", the statement the database actually executes becomes:

    SELECT * FROM Bugs
    WHERE bug_id = 1234 OR TRUE

The OR TRUE makes the WHERE clause match every row, so the query returns the whole table instead of one bug.

Compromises security in many ways:

    UPDATE Accounts
    SET password = SHA2('$password')
    WHERE account_id = $account_id

Here both $password and $account_id are interpolated. A crafted $account_id such as "1 OR TRUE" turns a single password reset into a reset of every account's password.
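The two slides above show the same defect in a SELECT and an UPDATE. The following is an added example, not code from the presentation, that runs both patterns against a constructed in-memory SQLite database and places each interpolated statement beside its parameterized form. The table contents, the payload "1234 OR 1=1" (the same trick as the slide's "OR TRUE"), and the use of Python's hashlib in place of MySQL's SHA2() are assumptions made for the demonstration.

```python
import hashlib
import sqlite3


def make_db():
    """Constructed sample data standing in for the Bugs and Accounts tables on the slides."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE Bugs (bug_id INTEGER PRIMARY KEY, summary TEXT);
        INSERT INTO Bugs VALUES (1234, 'crash on startup'),
                                (1235, 'typo in help text'),
                                (1236, 'session not cleared on logout');
        CREATE TABLE Accounts (account_id INTEGER PRIMARY KEY, password TEXT);
        INSERT INTO Accounts VALUES (1, 'old-hash-alice'), (2, 'old-hash-bob');
    """)
    return conn


def find_bug_interpolated(conn, bug_id):
    """The slide's pattern: $bug_id pasted straight into the statement text."""
    sql = f"SELECT bug_id FROM Bugs WHERE bug_id = {bug_id} ORDER BY bug_id"
    return [row[0] for row in conn.execute(sql)]


def find_bug_parameterized(conn, bug_id):
    """Same query with a bound parameter: the value is never parsed as SQL."""
    sql = "SELECT bug_id FROM Bugs WHERE bug_id = ? ORDER BY bug_id"
    return [row[0] for row in conn.execute(sql, (bug_id,))]


def reset_password_interpolated(conn, account_id, password):
    """The slide's UPDATE with $account_id interpolated. Returns the number of rows changed."""
    digest = hashlib.sha256(password.encode()).hexdigest()  # stands in for SHA2()
    sql = f"UPDATE Accounts SET password = '{digest}' WHERE account_id = {account_id}"
    cur = conn.execute(sql)
    conn.commit()
    return cur.rowcount


def reset_password_parameterized(conn, account_id, password):
    """Hardened form: account_id is bound, so 'OR 1=1' is just a non-matching value."""
    digest = hashlib.sha256(password.encode()).hexdigest()
    sql = "UPDATE Accounts SET password = ? WHERE account_id = ?"
    cur = conn.execute(sql, (digest, account_id))
    conn.commit()
    return cur.rowcount


if __name__ == "__main__":
    conn = make_db()
    payload = "1234 OR 1=1"  # same effect as the slide's "1234 OR TRUE"
    print(find_bug_interpolated(conn, payload))     # every bug_id, not just 1234
    print(find_bug_parameterized(conn, payload))    # [] : no bug_id equals that text
    print(reset_password_interpolated(conn, "1 OR 1=1", "hunter2"))   # 2 : every account reset
    print(reset_password_parameterized(conn, "1 OR 1=1", "hunter2"))  # 0 : nothing matched
```

The parameterized versions use the same SQL text on every call and hand the value to the driver separately, so no string a user supplies can change the shape of the statement; the rowcount returned by the UPDATE is the quickest way to see the difference.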



