SQL injection - Vulnerability

tainted-sql-string

User data flows into this manually-constructed SQL string. User data can be safely inserted into SQL strings using prepared statements or an object-relational mapper (ORM). Manually-constructed SQL strings is a possible indicator of SQL injection, which could let an attacker steal or manipulate data from the database. Instead, use prepared statements ($mysqli->prepare("INSERT INTO test(id, label) VALUES (?, ?)");) or a safe library.
![1](https://user-images.githubusercontent.com/41587193/219984271-1b24dd7e-1e29-4739-a8be-86574c3eccb6.png)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

SQL injection - Vulnerability #25

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

SQL injection - Vulnerability #25

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions