SQL injection using Parameters (P-DB-b-1)

Imran Niaz
5 min read · Jul 9, 2023

Using SQL to test a database is much better, and almost everyone knows the basics of how to use it. Everyone knows there are many ways to test for SQL injection. My name is Imran, a person who always tries to find loopholes in web applications; maybe your app will be next.

Version 0.02:

This is a basic version, but you will get a much better understanding of SQL injection and other SQL scripts.

In a future version we will see how to use other tools together with sqlmap for better results.

We will see how sqlmap can be used to find SQL injection on a public server, and we will also build our own web application as a good target for finding SQL injection. With our own app we will see how SQL injection behaves in a protected web application.

The method we are going to follow in this one is parameters (parameterized queries), which is one of the best ways.

async function get_comment(req, res) {
  try {
    let comment_id = req.query.id;

    // Validate comment_id: it must be present and parse as a positive integer
    if (!comment_id || isNaN(comment_id) || parseInt(comment_id) <= 0) {
      res.status(400).send('Invalid comment ID');
      return;
    }

    // Use a parameterized query so the id is bound as a value, never spliced into the SQL text
    let sql_query = "SELECT * FROM comments WHERE id = ?";
    let comment = await db.execute_query(sql_query, [comment_id]);

    // Check if the comment exists
    if (comment.length === 0) {
      res.status(404).send('Comment not found');
      return;
    }

    res.status(200).json(comment[0]);
  } catch (err) {
    // Do not echo the driver error to the client; log it server-side instead
    console.error(err);
    res.status(500).send('Internal server error');
  }
}
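The following is an added example, not code from the original post. It places the string-built query that causes SQL injection beside the parameterized form used in get_comment, and turns the id validation into a reusable function. FakeDb is an assumed stand-in for the post's db.execute_query helper; it records what a real driver would be handed, so no database is needed to run it.

```javascript
// Added example, not code from the original post. It contrasts the string-built
// query that causes SQL injection with the parameterized form used in get_comment,
// and makes the id validation a reusable function. No real database is needed:
// FakeDb stands in for the post's db helper (assumed name) and records what a driver would send.

// Validation from the post's handler, made strict: only a string of digits that
// parses to a positive integer is accepted; anything else yields null.
function parseCommentId(raw) {
  if (typeof raw !== 'string') return null;
  const s = raw.trim();
  if (!/^\d+$/.test(s)) return null;      // rejects '', '1.5', '12abc' and '1 OR 1=1'
  const id = Number(s);
  return Number.isSafeInteger(id) && id > 0 ? id : null;
}

// The vulnerable pattern: the raw input becomes part of the SQL text, so a value
// such as '1 OR 1=1' rewrites the WHERE clause instead of being compared as a number.
function buildConcatenatedQuery(rawId) {
  return 'SELECT * FROM comments WHERE id = ' + rawId;
}

// Stand-in for the post's db.execute_query. A real driver (mysql2, pg, sqlite3)
// sends the SQL text and the parameter list to the server separately, so a
// parameter can only ever be a value, never part of the statement.
class FakeDb {
  constructor() {
    this.sent = [];                         // every (sql, params) pair handed to the driver
    this.rows = [{ id: 1, body: 'first comment' }];   // constructed sample table
  }
  execute_query(sql, params) {
    this.sent.push({ sql, params });
    return this.rows.filter((r) => r.id === params[0]);
  }
}

// The post's handler logic without Express: returns { status, body } instead of
// writing to res, which makes the behaviour easy to check.
function getComment(db, rawId) {
  const id = parseCommentId(rawId);
  if (id === null) return { status: 400, body: 'Invalid comment ID' };
  const rows = db.execute_query('SELECT * FROM comments WHERE id = ?', [id]);
  if (rows.length === 0) return { status: 404, body: 'Comment not found' };
  return { status: 200, body: rows[0] };
}
```

With a real driver the same two-argument call shape applies; the point is that the SQL text never changes with the input, only the bound value does.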
