(skeletor is leading by example by adding that unnecessary apostrophe…)

  • @[email protected]
    link
    fedilink
    49 months ago

    My bank doesn’t allow the characters you would need for a SQL injection in passwords. Checked client side, I don’t want to try and find out if it’s also checked server side, but I hope it is.

    • @hakunawazo
      link
      29 months ago

      No serious software would fall for such an easy attack anymore. With prepared statements it’s impossible to break queries like that. Beside that one principle is to avoid using user inputs directly in your database.