secure-code-warrior-for-github[bot]
commented
11 months ago Micro-Learning Topic: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') (CWE 89)
Matched on "CWE-89"
The software constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component.
Try a challenge in Secure Code Warrior
Helpful references
- PHP SQL Injection Page - A detailed page on SQL injection in the online PHP manual.
- OWASP SQL Injection Prevention Cheat Sheet - This article is focused on providing clear, simple, actionable guidance for preventing SQL Injection flaws in your applications.
- OWASP SQL Injection - OWASP community page with comprehensive information about SQL injection, and links to various OWASP resources to help detect or prevent it.
- OWASP Query Parameterization Cheat Sheet - A derivative work of the OWASP SQL Injection Prevention Cheat Sheet focused on SQL query parameterization.
- Preventing SQL Injection Attacks With Python - A tutorial on crafting parameterized queries, SQL composition and safe query execution in Python.
We have found an instance of CWE-89 in this codebase