(skeletor is leading by example by adding that unnecessary apostrophe…)

  • MikeWey@programming.dev
    link
    fedilink
    arrow-up
    4
    ·
    9 months ago

    My bank doesn’t allow the characters you would need for a SQL injection in passwords. Checked client side, I don’t want to try and find out if it’s also checked server side, but I hope it is.

    • hakunawazo@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      9 months ago

      No serious software would fall for such an easy attack anymore. With prepared statements it’s impossible to break queries like that. Beside that one principle is to avoid using user inputs directly in your database.