I've just published Back to basics: SQL Injection over on What the # do I know?.
It's not that I think the existing articles and posts about SQL injection aren't good enough; it's because I've seen way too many questions on Stack Overflow lately with vulnerable code - and I find it amazing (in a bad way) that this is still a problem today.
I mean, there has been an easy-to-use, 100% bulletproof solution to this problem for more than two decades now - so why hasn't this threat been eradicated yet?
In this post I summarize the following topics:
- What is SQL Injection?
- How does this work?
- How can you write safe SQL?
- How do parameters prevent SQL Injection?