14 lines
703 B
Plaintext
== Input validation alone is not enough!!
You need to do both: use parameterized queries *and* validate the input received from the user. On StackOverflow you will see a lot of answers stating that input validation is enough. *However*, it only takes you so far; before you know it, the validation is broken and you have an SQL injection in your application.

A good read on why validation alone is not enough can be found at https://twitter.com/marcan42/status/1238004834806067200?s=21

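The two layers the paragraph above asks for, as an added example that is not part of the lesson's own code: an allowlist check that rejects anything outside the expected shape of a user name, and a parameterized query that binds whatever survives the check as data. The in-memory table and the names in it are constructed for the demonstration; the apostrophe is deliberately allowed by the allowlist because real names contain one, which is exactly why the parameter binding has to be the layer that keeps the value out of the SQL.

```python
import re
import sqlite3


# Constructed in-memory sample table; it is not the lesson's own database schema.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (userid INTEGER, name TEXT, salary INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [(101, "alice", 50000), (102, "bob", 60000), (103, "o'hara", 55000)],
    )
    conn.commit()
    return conn


# Allowlist for a user name: a letter followed by up to 31 letters, digits,
# underscores or apostrophes. The apostrophe is allowed on purpose (o'hara is
# a legitimate name), so validation alone cannot keep quotes out of the query.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9_']{0,31}")


def validate_name(name: str) -> bool:
    """Layer 1: cheap, early rejection of input that is not even a plausible name."""
    return NAME_RE.fullmatch(name) is not None


def find_salary(conn, name: str):
    """Validate first, then bind the value as a parameter (layer 2) so the driver
    sends it to the database as data; it can never change the statement, whatever
    characters the allowlist let through."""
    if not validate_name(name):
        raise ValueError("rejected by input validation: %r" % name)
    row = conn.execute("SELECT salary FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def count_matches(conn, name: str) -> int:
    """Parameterized query with validation skipped on purpose, to show that the
    binding by itself keeps the value a literal: quotes and SQL keywords inside it
    are compared as text against the name column, never executed."""
    cur = conn.execute("SELECT COUNT(*) FROM users WHERE name = ?", (name,))
    return cur.fetchone()[0]


if __name__ == "__main__":
    db = build_db()
    print(find_salary(db, "o'hara"))               # 55000: the apostrophe is bound safely
    print(count_matches(db, "alice' OR 'x'='x"))   # 0: the whole string is compared literally
    try:
        find_salary(db, "alice; --")
    except ValueError as err:
        print(err)                                  # rejected before any SQL runs
```

Validation gives the user a clear error and keeps junk out of logs and downstream code; the parameter binding is what actually guarantees that data stays data. Neither replaces the other.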
Let's repeat one of the previous assignments. The developer fixed the possible SQL injection with filtering; can you spot the weakness in this approach?

Read about the lesson goal link:start.mvc#lesson/SqlInjectionAdvanced.lesson/2[here].