bobby-tables

bobby-tables copied to clipboard

Switch to another module than File::Slurp

4

File::Slurp will break under Perl 5.30. Switch to something else, if not just writing my own read_file.

petdance

Another possible fix for #100

dz-at-tc

One possible fix for #100

dz-at-tc

https://github.com/google/go-safeweb/blob/master/safesql/safesql.go similar to normal sql but alleviates some edge cases

5731la

New page: Other types of injections

2

https://www.contextis.com/resources/blog/comma-separated-vulnerabilities/

petdance

https://blog.r2c.dev/2020/preventing-sql-injection-a-django-authors-perspective/

petdance

Ruby page is a bit out of date

5

Ruby/DBI appears to be long gone. Some alternatives: ### Sequel http://sequel.jeremyevans.net/ DB["update customer where code = ?", "abc1"].update DB.fetch("select * from customer where code = ?", "abc1") ### RDBI https://github.com/RDBI/rdbi...

andy-twosticks

Delphi example better be changed

1

from `.Prepare;` to `.Prepared := True;` The original line comes from Delphi 1995 and the library underlying is long dead. http://docwiki.embarcadero.com/Libraries/Tokyo/en/Bde.DBTables.TQuery.Prepare https://en.wikipedia.org/wiki/Borland_Database_Engine The root abstract class has neither `.Prepare;` method...

the-Arioch

The language idioms for avoiding SQL injection which are described here are for use in the application layer -- a programming language / runtime connects to a database server and...

zspitz

Add a page for Javascript

4

HTML 5 has localstorage and SQL database functionality that lets you write Javascript code that will be susceptible to the same pitfalls as any other language.

petdance