Sql injection using Parameters (P-DB-b-1)

Using Sql for testing db is much batter almost every one know about it how to use in basic way. all know there are many ways that we can test sql injection . My name is Imran a person who always try to find loop hole in web application maybe your app will be next.

Version 0.02 :

This is basic Version but you will get much batter understanding of SQL injection and Sql Other scripts.

in Future we will see using other tools with Sqlmap fro batter results

To we will see how can we use Sqlmap to find sql injection in public server. and also try to make our own web application that will be a good target to find app. wit hour app we will see how can we use Sql injection in protected web application.

Mothed will are going to fallow in this one that will be Parameters that is one of best way

async function get_comment(req, res) {
  try {
    let comment_id = req.query.id;
    
    // Validate comment_id to ensure it is a non-empty string or a positive integer
    if (!comment_id || isNaN(comment_id) || parseInt(comment_id) <= 0) {
      res.status(400).send('Invalid comment ID');
      return;
    }
    
    // Use parameterized query to prevent SQL injection
    let sql_query = "SELECT * FROM comments WHERE id = ?";
    let comment = await db.execute_query(sql_query, [comment_id]);
    
    // Check if comment exists
    if (comment.length === 0) {
      res.status(404).send('Comment not found');
      return…