string concatenation and prepared statements....


Post by mookalovesgloop on Fri Aug 17, 2012 8:05 pm

i've been up to my eyeballs trying to self-teach and get a working knowledge of SQL, but what google and my "workbook" seem to be silent on is are there any known weaknesses/ways to bypass a sql prepared statement? i'm kind of leery about doing extensive google searching on touchy topics, so if anyone here can point me to where i can learn more about this i would sooooo appreciate it :D thanks

peace and blessings!
mooka
gloop!

Re: string concatenation and prepared statements....

Post by WallShadow on Fri Aug 17, 2012 8:38 pm

Install TOR, start it up, and then go through another proxy. It's completely secure against anyone but the most determined hacker. If you are terribly paranoid about this, also use your local coffee shop to do this.

As for sql weaknesses, the main one is sql injection.

LINKS!

decent generalized guide to introduce you to what it is and how it is done:
http://www.unixwiz.net/techtips/sql-injection.html

simple guide from owasp about what it is and how to prevent it:
https://www.owasp.org/index.php/SQL_injection

useful cheat sheet on sql injection that I've used on multiple occasions: (I'd be careful going to the site though)
http://ha.ckers.org/sqlinjection/

-WallShadow <3
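
An added example, not part of any post in this thread: the string-concatenated lookup next to its prepared-statement form, using Python's sqlite3 with a constructed in-memory table. It goes slightly beyond the thread by also covering identifiers such as a sort column, which placeholders cannot bind and which are checked against an allowlist instead; all table, function and variable names are assumptions.

```python
import sqlite3

# Constructed sample data for this example (not from the thread).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, role TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db

def find_concat(db, name):
    # Vulnerable: the input becomes part of the SQL text, so a quote in
    # `name` can end the string literal and change the query's structure.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [r[0] for r in db.execute(sql)]

def find_prepared(db, name):
    # Prepared/parameterized: the SQL text is fixed; `name` is bound as a
    # value and is only ever compared against the column.
    return [r[0] for r in db.execute(
        "SELECT name FROM users WHERE name = ?", (name,))]

SORTABLE = {"name", "role"}  # allowlist of identifiers (assumption)

def list_sorted(db, column):
    # Placeholders bind values, not identifiers, so a column name cannot
    # be passed as `?`. Check it against an allowlist before it is
    # concatenated; reject anything else.
    if column not in SORTABLE:
        raise ValueError("unsupported sort column")
    return [r[0] for r in db.execute(
        "SELECT name FROM users ORDER BY " + column + ", name")]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"   # constructed input containing a quote
    print(find_concat(db, "bob"), find_prepared(db, "bob"))
    print(find_concat(db, crafted))    # every row comes back
    print(find_prepared(db, crafted))  # no row has that literal name
    print(list_sorted(db, "role"))
```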


Re: string concatenation and prepared statements....

Post by mookalovesgloop on Fri Aug 17, 2012 9:21 pm

wow....thank you so, so much!! :mrgreen: :oops:
peace
mooka!
gloop!


Re: string concatenation and prepared statements....

Post by LoGiCaL__ on Sat Aug 18, 2012 7:06 am

Before you go diving right into the sql injections I'd recommend taking the time to actually learn sql to the point where you feel comfortable writing queries with joins, unions, sub queries, then when you look into sql injections it will actually make some more sense as to what you are doing.


Re: string concatenation and prepared statements....

Post by mookalovesgloop on Sat Aug 18, 2012 7:30 pm

LoGiCaL__ wrote: Before you go diving right into the sql injections I'd recommend taking the time to actually learn sql to the point where you feel comfortable writing queries with joins, unions, sub queries, then when you look into sql injections it will actually make some more sense as to what you are doing.

yeah i definitely see that i'm gonna have to take baby steps with this... i want a real working knowledge of the language itself it seems like the best one to learn...i think...i mean it seems that sql's the most "universal" language in that it can be used on any type of database and yadda yadda yadda but i'm taking a sort of hegelian approach...the mainstream avenues are only gonna show you one side of the equation...i want to know how to code a rock-solid string, but i wanna know how to crack a rock solid string too, you know? and it's not always as simple as doing the opposite or inverse of the usual method....

i'm rambling :oops: lol anyway what i'm TRYING to say LoGiCaL__ is that i won't try to do things half-assed or cheaply--not my m.o.!! :D
peace and blessings!
mooka
gloop!