(skeletor is leading by example by adding that unnecessary apostrophe…)

  • @hakunawazo
    31
    10 months ago

    '; DROP TABLE `passwords`; --

    • @[email protected]
      4
      10 months ago

      My bank doesn’t allow the characters you would need for a SQL injection in passwords. Checked client side, I don’t want to try and find out if it’s also checked server side, but I hope it is.

      • @hakunawazo
        2
        10 months ago

        No serious software would fall for such an easy attack anymore. With prepared statements it’s impossible to break queries like that. Besides that, one principle is to avoid using user inputs directly in your database.
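The difference between splicing input into the SQL text and binding it as a parameter, shown as an added example (not code from anyone in the thread). It uses Python's standard `sqlite3` module with a constructed in-memory `passwords` table and the exact payload quoted above; the table stores the raw string only so the round trip is visible, whereas a real system stores a salted password hash.

```python
import sqlite3

# Constructed sample input: the payload quoted in the thread (not a real password).
INJECTION_PAYLOAD = "'; DROP TABLE `passwords`; --"


def make_db():
    """Fresh in-memory database with a minimal passwords table (constructed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE passwords (username TEXT PRIMARY KEY, password TEXT NOT NULL)"
    )
    return conn


def store_concatenated(conn, username, password):
    """Vulnerable pattern: the user's text becomes part of the SQL itself.

    The quote in the payload closes the string literal early, so SQLite
    either rejects the statement or runs something other than what the
    developer wrote. Returns the driver's error text, or None if it ran.
    """
    sql = (
        "INSERT INTO passwords (username, password) "
        f"VALUES ('{username}', '{password}')"
    )
    try:
        conn.execute(sql)
        conn.commit()
        return None
    except sqlite3.Error as exc:
        return str(exc)


def store_parameterized(conn, username, password):
    """Safe pattern: '?' placeholders. Values travel separately from the SQL
    text, so quotes, semicolons and comment markers are just characters."""
    conn.execute(
        "INSERT INTO passwords (username, password) VALUES (?, ?)",
        (username, password),
    )
    conn.commit()


def fetch_password(conn, username):
    """Read back what was actually stored for a user (None if no row)."""
    row = conn.execute(
        "SELECT password FROM passwords WHERE username = ?", (username,)
    ).fetchone()
    return row[0] if row else None


def table_exists(conn, name):
    """Check the schema catalogue to confirm the table survived."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def demo():
    """Store the same payload both ways and report what ended up in the table."""
    conn = make_db()
    error = store_concatenated(conn, "alice", INJECTION_PAYLOAD)
    store_parameterized(conn, "bob", INJECTION_PAYLOAD)
    return {
        "concat_error": error,
        "alice": fetch_password(conn, "alice"),
        "bob": fetch_password(conn, "bob"),
        "table_exists": table_exists(conn, "passwords"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running `demo()` shows the concatenated insert failing to store the intended value (the statement is broken at the first quote), while the parameterized insert stores the full payload verbatim and the table is untouched. This is also why a character blocklist on the client, as described in the comment above, is not what protects the database: the parameter binding is.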