Noticed a small mistake in the MySQL section:<p><pre><code> Error Based:
AND (SELECT * FROM SOME_EXISTING_TABLE) = 1
</code></pre>
Unless SOME_EXISTING_TABLE has no more than one row, that query will fail. See <a href="http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-subqueries.html" rel="nofollow">http://dev.mysql.com/doc/refman/5.0/en/comparisons-using-sub...</a>:
<p>"<i>For a comparison of the subquery to a scalar, the subquery must return a scalar.</i>"
<p>It's easy to fix: just add <i>LIMIT 1</i> to the end of the sub-select.
<p>---
<p>This document is very useful. I've been doing web app security for a while and I haven't run across some of these techniques before (e.g. PROCEDURE ANALYSE()). I didn't realize that PDO_MYSQL allowed for multiple queries by default either (although it makes sense, since historically other RDBMS have supported it).
HELP! I don't 'get it'!
<p>Looking at that list of SQL injection attack techniques, I don't see the threat.
<p>Or: Yes, I'm building a Web site, and the server will be running SQL Server.
<p>Some of my Web pages have users enter data in text boxes. So, they could enter a SQL command in a text box.
<p>Then when the Web page is returned to my Web server as a 'post back', my software reads the data in the text boxes.
<p>I have the page built, have code for extracting the data from the text boxes and putting it in, say, string variables in Visual Basic .NET, and now am writing the code for looking at the data in the strings from the text boxes.
<p>So far, I see no threat.
<p>So, I intend to look at the data in the strings and see if it looks anything like a SQL command. Anything that looks like a SQL command will get rejected as bad data and not get near my SQL Server database. Maybe I will write the bad data to my log file.
<p>So, I'm checking the input data from the users. I am assuming that the input data could be anything at all until my code establishes otherwise.
<p>Doesn't everyone do such checking?
<p>With such checking, where is the threat of 'SQL injection'?
<p>If SQL injection is a threat, then why? Just from people not checking input data from users? Some other reason?
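An added example for the question above (not code from either commenter or from the cheat sheet being discussed): it compares a "looks like SQL" check with how the statement is built, which is what decides whether text-box data can be parsed as SQL. Assumptions: Python with in-memory SQLite stands in for Visual Basic .NET and SQL Server, and the filter pattern, table and sample inputs are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical "looks like SQL" check of the kind the comment describes.
SQL_LOOKALIKE = re.compile(r"\b(select|insert|update|delete|drop|union)\b|--|;", re.I)

# Constructed sample inputs for a customer-name text box.
SAMPLES = ["Alice", "O'Brien", "Select Drop-In Center", "it''s"]

def looks_like_sql(text):
    return bool(SQL_LOOKALIKE.search(text))

def add_concatenated(db, name):
    # User text is pasted into the statement, so the database parses it as SQL.
    db.execute("INSERT INTO customers (name) VALUES ('" + name + "')")

def add_parameterized(db, name):
    # User text travels as a bound value and is never parsed as SQL.
    db.execute("INSERT INTO customers (name) VALUES (?)", (name,))

def try_insert(add, text):
    """Insert text into a fresh table and describe what the database did with it."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (name TEXT)")
    try:
        add(db, text)
    except sqlite3.Error:
        return "SQL error"
    stored = db.execute("SELECT name FROM customers").fetchall()
    return "stored intact" if stored == [(text,)] else "stored altered"

def run(inputs):
    """Map each input to (filter verdict, concatenated result, bound result)."""
    report = {}
    for text in inputs:
        verdict = "rejected" if looks_like_sql(text) else "accepted"
        report[text] = (verdict, try_insert(add_concatenated, text),
                        try_insert(add_parameterized, text))
    return report

if __name__ == "__main__":
    for text, row in run(SAMPLES).items():
        print(f"{text!r:26} filter={row[0]:9} concat={row[1]:14} bound={row[2]}")
```

The check turns away a harmless business name while accepting the two inputs that the concatenated statement mishandles, because an apostrophe ends the string literal and the rest is read as SQL. With bound parameters all four inputs are stored unchanged.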