mysql - Does JSON.stringify a string protect against (My)SQL injection?


I've run across node.js code that gets a user-supplied string, calls JSON.stringify(str), and injects the value directly into an SQL statement.

e.g.

    var x = JSON.stringify(unsafe_user_string);
    mysql_execute('update foo set v = ' + x + ' where id = 1');

Obviously this is an abuse of JSON.stringify, but it's not my code, and the authors want to see an attack vector before they patch it. Because unsafe_user_string is a string, not an object, and the obvious " and \ are escaped, it's not obvious whether there is a serious problem.

Is this code safe? And if not, could someone demonstrate an unsafe input?

Thanks!

If you are sure x is a string, I'm 99% sure this makes it impossible to conduct an SQL injection attack. My confidence goes down to 90% when you are unsure of the type of x. That said, considering all of the following, it should not pose a vulnerability:

  • null, NaN, Infinity, -Infinity all seem to come back as null, which is safe.
  • undefined comes back as the value undefined, not a string, so I'm not sure about that. I think it would be considered invalid SQL rather than pose a vulnerability.
  • Date: in node.js, JSON.stringify(new Date()) returns '"2015-11-09T18:53:46.198Z"', which is what you'd want.
  • Arrays and objects should result in invalid SQL, although a smart conversion could enable successful use of SQL arrays. That said, there might be some tricky way to fill the array with objects that might cause a vulnerability, but I doubt it.
  • Hex seems to just convert to an integer.
  • Buffers and Uint8Arrays seem to come back as objects. Again, there might be some way to populate the object with something that is a vulnerability, but I doubt it.
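
Added example (not part of the question or the answer above): it runs JSON.stringify over constructed values of each type the answer lists, shows the statement the question's concatenation would produce, and puts a type-checked placeholder form beside it. `concatenated`, `fragmentKind` and `boundUpdate` are hypothetical helper names, and the `?` placeholder assumes a driver that binds parameters.

```javascript
// Added example, not code from the question or the answer.
// Table, column and id are taken from the question's statement.
const SQL_PREFIX = 'update foo set v = ';
const SQL_SUFFIX = ' where id = 1';

// The statement the question's pattern would send for a given value.
function concatenated(value) {
  return SQL_PREFIX + JSON.stringify(value) + SQL_SUFFIX;
}

// Classify the fragment JSON.stringify produces, following the answer's list.
function fragmentKind(value) {
  const out = JSON.stringify(value);
  if (out === undefined) return 'undefined';                 // undefined itself
  if (out[0] === '"') return 'quoted-string';                // strings, Date
  if (out[0] === '[' || out[0] === '{') return 'structure';  // arrays, objects, Buffer
  return 'bare-token';                                       // numbers, null, NaN
}

// Hardened form (assumed driver with ? binding): refuse non-strings and
// hand the raw value to the driver instead of splicing it into the text.
function boundUpdate(value) {
  if (typeof value !== 'string') {
    throw new TypeError('expected string, got ' + fragmentKind(value));
  }
  return { sql: SQL_PREFIX + '?' + SQL_SUFFIX, values: [value] };
}

// Constructed sample inputs covering the types the answer enumerates.
const samples = [
  ['string', 'say "hi" \\ bye'],
  ['null', null], ['NaN', NaN], ['Infinity', Infinity],
  ['undefined', undefined],
  ['Date', new Date('2015-11-09T18:53:46.198Z')],
  ['array', [1, 'a']],
  ['hex literal', 0x1f],
  ['Buffer', Buffer.from('ab')],
  ['Uint8Array', new Uint8Array([1, 2])],
];

function report() {
  return samples.map(([label, v]) =>
    ({ label, kind: fragmentKind(v), sql: concatenated(v) }));
}

for (const row of report()) console.log(row.label, '|', row.kind, '|', row.sql);
```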
