The right test method for SQL injection

Hello, I am developing a website and penetration testing it. It is built in CakePHP, which informed me that:

CakePHP already protects you from SQL Injection if you use CakePHP ORM Methods (such as find() and save()) and the correct array (i.e. array('field' => $value)) instead of raw SQL.

However, I am not sure what data needs to be entered into the fields of my input form in order to check the prevention of SQL injection.

I have the following table names with simple VARCHAR attributes -

 categories: name
 clients: address, county, country, name
 items: name
 statuses: name

Would this SQL statement, entered into the form and submitted, be the right way to test an SQL injection attempt?

DROP TABLE "categories";

After submitting this value to the form, the value entered into the database was:

DROP TABLE "categories"; 

, , - SQL-, ?

+3
3

SQL- , . SQL- - SQL-?.

0

, SQL- .

-/ sqli, .

... SQL- - webapp . , , , SQL, . -

sql = 'select col from table where x=' + variable

. , , , .

. https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

0
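An added example, not part of the original thread and not CakePHP code: a small check of whether a form value is stored verbatim, run against the string-concatenation pattern shown above and against a bound parameter. It assumes Python's sqlite3 in place of the site's database; the function names and the sample value O'Brien are constructed for illustration.

```python
import sqlite3

# Constructed inputs: the string the asker submitted, and an ordinary
# name containing a single quote (the SQL string delimiter).
ASKER_INPUT = 'DROP TABLE "categories";'
QUOTE_INPUT = "O'Brien"

def make_db():
    # In-memory SQLite stands in for the site's database (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE categories (name VARCHAR(255))")
    return db

def insert_concat(db, name):
    # Deliberately unsafe: input is concatenated into the SQL text,
    # the same pattern as the 'select ... where x=' + variable line.
    db.execute("INSERT INTO categories (name) VALUES ('" + name + "')")

def insert_bound(db, name):
    # Safe: the value is passed as a bound parameter, never parsed as SQL.
    db.execute("INSERT INTO categories (name) VALUES (?)", (name,))

def stored_verbatim(insert, value):
    """True if `value` round-trips unchanged as the only row."""
    db = make_db()
    try:
        insert(db, value)
    except sqlite3.Error:
        return False  # the input altered the statement's syntax
    return db.execute("SELECT name FROM categories").fetchall() == [(value,)]

def probe_results():
    # Run every insert function against every sample input.
    return {
        (fn.__name__, value): stored_verbatim(fn, value)
        for fn in (insert_concat, insert_bound)
        for value in (ASKER_INPUT, QUOTE_INPUT)
    }

if __name__ == "__main__":
    for (fn, value), ok in probe_results().items():
        print(f"{fn:14} {value!r:28} stored verbatim: {ok}")
```

The asker's string is stored unchanged by both functions because it never leaves the quoted literal, so seeing it in the table does not separate safe code from unsafe code; the value containing a single quote does.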
