A Guide To Prevent SQL Injection: Bobby Tables

SQL injection, the technique of manipulating SQL queries by sending custom SQL statements using forms or other requests (POST, GET..) to attack databases, is probably the nightmare for many dynamic websites.

Bobby Tables, an online guide to prevent SQL injection, tells "how easy it is to create secure queries" by focusing on 2 facts:

  • not creating SQL statements that include outside data
  • using parameterized SQL calls.

The guide provides information for many popular scripting/programming languages and, for anyone willing to learn more about SQL injection, checking your favorite language is probably a good idea.

Bobby Tables

P.S. The comics is from xkcd.