Blog @ andreaprovaglio.com: Thoughts on software development, design and people.

SQL injection reloaded
Posted at 08:54PM Jan 28, 2008
by Andrea Cogliati in category Security
SQL injection vulnerabilities are still very common in web applications (OWASP rates injection flaws as the second most important security issue in its Top Ten 2007). Input validation and parameterized queries (also called prepared statements) are the most popular safeguards against SQL injection. However, even when parameterized queries are used, an application can still be vulnerable to SQL injection. This is not a new topic (early research on exploiting parameterized queries appeared more than 3 years ago), but there is still a lot of confusion among security-unaware software developers and architects. [Read More]