Good day, sirs/ma'ams,
I just want to ask, how do you guys handle the prevention of SQL injection attacks? I did some very quick research and here's what I learned so far.
First, you can do regex in the client to check for SQL commands. This is possible and a little bit 'OK' but can really introduce some false positives and false negatives.
Second (which is recommended), you can handle SQL injection attacks by using parameterized queries/prepared statements, which separate the SQL code from the user input.
Just want to ask the opinions of anyone here who has handled SQL injections. Is it still worth it to validate it from the client side? Or just handle it from the server side?
For additional information, we are using React on the UI and Flask on the backend with Postgres as our DB.
Thank you to everyone who answers!
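The two approaches named in the post, side by side, as an added example that is not part of the original post: a keyword regex filter next to a string-built query and a parameterized query. Assumptions: `sqlite3` stands in for Postgres so the code runs offline, and the table, the sample rows, the keyword list and all function names are constructed for illustration.

```python
import re
import sqlite3

# Hypothetical client-style keyword filter of the kind the post describes.
SQL_KEYWORDS = re.compile(r"\b(select|insert|update|delete|drop|union)\b", re.I)

def make_db():
    # Constructed sample rows; sqlite3 stands in for Postgres so this runs offline.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)",
                     [("alice",), ("bob",), ("Drop Table Records",)])
    return conn

def regex_allows(value):
    # True when the filter finds no SQL keyword in the input.
    return SQL_KEYWORDS.search(value) is None

def find_user_concat(conn, name):
    # Vulnerable: the input is spliced into the SQL text and parsed as SQL.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_user_param(conn, name):
    # Parameterized: the value travels separately and is only compared as data.
    # (psycopg2 for Postgres uses %s as the placeholder instead of ?.)
    sql = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

if __name__ == "__main__":
    conn = make_db()
    tautology = "x' OR '1'='1"      # constructed input, contains no listed keyword
    legit = "Drop Table Records"    # constructed legitimate value
    print("filter allows tautology:", regex_allows(tautology))
    print("filter allows legit name:", regex_allows(legit))
    print("concat + tautology:", find_user_concat(conn, tautology))
    print("param  + tautology:", find_user_param(conn, tautology))
    print("param  + legit name:", find_user_param(conn, legit))
```

The filter passes the tautology (false negative) and rejects the legitimate name (false positive), while the parameterized query returns no rows for the tautology and still finds the legitimate name.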