(skeletor is leading by example by adding that unnecessary apostrophe…)

    • MikeWey@programming.dev
      link
      fedilink
      arrow-up
      4
      ·
      4 months ago

      My bank doesn’t allow the characters you would need for a SQL injection in passwords. Checked client side, I don’t want to try and find out if it’s also checked server side, but I hope it is.

      • hakunawazo@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        4 months ago

        No serious software would fall for such an easy attack anymore. With prepared statements it’s impossible to break queries like that. Beside that one principle is to avoid using user inputs directly in your database.