DbaFix
Just share answer and question for fixing database problem

Tag: sql-injection

Second Subquery Inside INSERT Into saves int 0

By admin. Posted on May 25, 2023

Question : Read it carefully, we have this query which is inserting values in the table called users. For the […]

SQL injection in Postgres functions vs prepared queries

By admin. Posted on May 23, 2023

Question : In Postgres, are prepared queries and user defined functions equivalent as a mechanism for guarding against SQL injection? […]

Wildcard search using parameters in function with dynamic SQL

By admin. Posted on March 31, 2023

Question : What is the proper way to implement a wildcard search in PostgreSQL when using a parameter in a […]

Safely quoting type names to protect against SQL-injection

By admin. Posted on March 31, 2023

Question : How would I quote the type name to protect against SQL injection? For example, take this SELECT FORMAT('SELECT […]

Does concating a string like this open me up to SQL injection?

By admin. Posted on March 26, 2023

Question : I recently answered a question with the following code sample: Create Table #Testing ( emaildomain varchar(100) -- Still […]

How to make PostgreSQL functions private (inaccessible to end users)?

By admin. Posted on March 13, 2023

Question : When writing a set of PostgreSQL functions with procedural languages, is it possible to make some of the […]

Security Risks with having Test Stored Procedures that have SQL Injection Vulnerability

By admin. Posted on March 9, 2023

Question : I noticed that some of the stored procedures used in our integration tests for data generation have SQL […]

Trace and analyze logs on SQL Server

By admin. Posted on March 3, 2023

Question : I am using an SQL Server 2012 on Windows Datacenter 2012. I have encountered a situation where I […]

What function quotes an identifier in dynamic-sql with SQL Server?

By admin. Posted on February 3, 2023

Question : What is the SQL Server method of safe-quoting identifiers for dynamic SQL generation? MySQL has quote_identifier, PostgreSQL has […]

Is there any way to break out of the string and inject SQL without using a single quote in Oracle?

By admin. Posted on December 6, 2022

Question : I'm testing an Oracle based application and I've found the following code: Query = "SELECT name FROM employees […]

