https://github.com/trandung2k1/sql_injection
expressjs mysql nodejs security sql-injection-attacks sql-server typescript
- Host: GitHub
- URL: https://github.com/trandung2k1/sql_injection
- Owner: trandung2k1
- Created: 2023-05-05T03:34:38.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2023-05-12T08:45:08.000Z (over 2 years ago)
- Last Synced: 2025-05-22T00:39:38.750Z (8 months ago)
- Topics: expressjs, mysql, nodejs, security, sql-injection-attacks, sql-server, typescript
- Language: TypeScript
- Homepage:
- Size: 43 KB
- Stars: 0
- Watchers: 2
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
## SQL Injection
I. SQL query issues
1. A comment sequence (`-- `) discards the rest of the statement, so with string interpolation `SELECT * FROM users;-- WHERE id = ${3}` executes as `SELECT * FROM users`:
```js
`SELECT * FROM users;-- WHERE id = ${3}`
```
2. The same trick drops a condition: `SELECT * FROM users WHERE id = 1;-- OR id = 3` executes as `SELECT * FROM users WHERE id = 1`:
```js
`SELECT * FROM users WHERE id = 1;-- OR id = 3`
```
3. Multiple statements: if the driver allows stacked queries, a second statement appended after `;` is executed as well:
```js
`SELECT * FROM users WHERE id = 1; UPDATE users SET name = 'DungU' WHERE id = 1`
```
II. Fixing SQL injection
1. Don't allow multiple statements (the `multipleStatements` option of the `mysql` driver defaults to `false`; keep it that way):
```js
const mysql = require('mysql');

const conn = mysql.createConnection({
  host: 'host',
  user: 'username',
  database: 'database_name',
  multipleStatements: false, // a stacked `...; UPDATE ...` is not executed as a second statement
});
```
2. Use placeholders instead of variable interpolation, so the driver escapes the value separately from the SQL text:
```js
`SELECT * FROM users WHERE id = ?`
```
3. Input validation: check the type and format of every value (an `id` must be an integer) before it reaches the query.
4. Allowlisting: for parts of a statement that cannot be bound as placeholders (table and column names, sort direction), accept only values from a fixed list.
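The following TypeScript is an added example, not code from the trandung2k1/sql_injection repository: it applies fixes 2 to 4 to an `id` value and a client-chosen sort column before they reach the driver. The `created_at` column, the `SafeQuery` shape and the driver call `conn.query(q.sql, q.values)` are assumptions; the driver is not invoked here.

```typescript
// Added example, not part of the trandung2k1/sql_injection repository.
// Applies fixes 2-4 to the `id` and sort-column inputs of a request handler;
// the driver call `conn.query(q.sql, q.values)` is assumed and not run here.

// A parameterised query as the mysql driver accepts it: the SQL text holds only
// `?` markers and the driver escapes `values` separately from the statement.
interface SafeQuery {
  sql: string;
  values: number[];
}

// Fix 3 (input validation): an id is a plain positive integer, nothing else.
// Strings such as "1;-- OR id = 3" or "1; UPDATE users ..." are rejected.
function parseUserId(raw: string): number | null {
  if (!/^[1-9][0-9]*$/.test(raw)) return null;
  const id = Number(raw);
  return Number.isSafeInteger(id) ? id : null;
}

// Fix 2 (placeholders): the validated id is bound with `?`, never interpolated.
function buildUserByIdQuery(rawId: string): SafeQuery | null {
  const id = parseUserId(rawId);
  if (id === null) return null;
  return { sql: 'SELECT * FROM users WHERE id = ?', values: [id] };
}

// Fix 4 (allowlisting): identifiers cannot be bound with `?`, so a client-chosen
// sort column is used only if it matches a fixed list (otherwise 'id').
// `created_at` is an assumed column name for the example.
const SORTABLE_COLUMNS = ['id', 'name', 'created_at'] as const;
type SortColumn = (typeof SORTABLE_COLUMNS)[number];

function pickSortColumn(raw: string): SortColumn {
  return (SORTABLE_COLUMNS as readonly string[]).includes(raw)
    ? (raw as SortColumn)
    : 'id';
}

function buildUserListQuery(rawSort: string): SafeQuery {
  const column = pickSortColumn(rawSort);
  return { sql: `SELECT * FROM users ORDER BY \`${column}\``, values: [] };
}
```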