Abridged SQL Injection Prevention Cheat Sheet

= DRAFT CHEAT SHEET - WORK IN PROGRESS = = Introduction =

SQL Injection is one of the most damaging web vulnerabilities. It represents a serious threat because SQL Injection allows evil attacker code to change the structure of a web application's SQL statement in a way that can steal data, modify data, or facilitate command injection. This cheat sheet is a derivative work of the SQL Injection Prevention Cheat Sheet.

= SQL Injection Prevention Overview =

SQL Injection is best prevented through the use of parametrized queries. The following chart demonstrates, with real-world code samples, how to build parametrized queries in most of the common web languages.

= Related Articles =

= Authors and Primary Editors =

Jim Manico - jim [at] owasp.org