Sir, I have a question. Can you please answer? Here you have talked about 3 techniques to prevent sql injections. But if we use only the placeholders using the '?' sign, then do we need to apply the other 2 techniques? Isn't using placeholders enough to prevent sql injections?
Using a placeholder merely ensures that the input is treated as a string and not extra SQL. But you're still giving the user way too much control. What if the input is treated as a username?
SELECT * FROM USER WHERE USERNAME = 'JOHNDOE'
could easily be changed to
SELECT * FROM USER WHERE USERNAME = 'JANEROE'
or even
SELECT * FROM USER WHERE USERNAME = 'ADMINISTRATOR'
So a placeholder might be sufficient in some cases, but it heavily depends on your situation.
Using it in combination with his other techniques makes for a better checklist of things one should always do.
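As an added example (not from the video or either commenter), here is the distinction above in Python with sqlite3: the '?' placeholder stops the input from being parsed as SQL, but it does not stop a caller from asking for ADMINISTRATOR's row, which is an authorization check the query cannot make for you. The table, its rows and the lookup_* function names are constructed for the illustration.

```python
import sqlite3

# Constructed sample data, not from the video: a tiny user table with
# the three accounts named in the comment above.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT PRIMARY KEY, email TEXT)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?)",
        [("JOHNDOE", "john@example.com"),
         ("JANEROE", "jane@example.com"),
         ("ADMINISTRATOR", "admin@example.com")],
    )
    return conn

def lookup_concat(conn, username):
    # Vulnerable: the input is spliced into the SQL text, so a quote in
    # the input changes the statement itself.
    sql = f"SELECT username FROM user WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]

def lookup_param(conn, username):
    # Placeholder: the driver binds the input as a value, so it can only
    # ever be compared as a string. This is what the '?' technique buys you.
    sql = "SELECT username FROM user WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]

def lookup_authorized(conn, session_user, requested):
    # The placeholder does not decide WHICH row the caller may see; that is
    # an authorization rule and has to be enforced separately.
    if requested != session_user:
        raise PermissionError(f"{session_user} may not read {requested}")
    return lookup_param(conn, requested)

if __name__ == "__main__":
    conn = make_db()
    probe = "x' OR '1'='1"
    print(lookup_concat(conn, probe))            # every row leaks
    print(lookup_param(conn, probe))             # [] - treated as a literal
    print(lookup_param(conn, "ADMINISTRATOR"))   # still reachable via '?'
    print(lookup_authorized(conn, "JOHNDOE", "JOHNDOE"))
```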
Hey man, you are amazing, thanks for the excellent explanation, everything seems to be so easy. What theme are you using?
Thanks for this detailed video, appreciate it 👍
I use Mongoose ORM to interact with a MongoDB database. Is it enough to make my app immune to NoSQL injection?
@j1000a I didn't understand your example. Using placeholders seems 100% secure.
@shadmanfatin777 Godspeed to yourself/your employer 💀
@habibosaye wdym?
If we use ?, right, at that time we need to use only one param, right? If we need to check more than one, will it execute or what?
Where's the linked video?