Database queries should not be vulnerable to injection attacks
Rule description
- Database queries should not be vulnerable to injection attacks
Non-compliant Code Example
string query = "Delete FROM employee WHERE emp_id = '" + ls_valor + "'" // Possible SQL injection
string query = "Select * FROM Users WHERE Username = '" + ls_valor + "'" // Possible SQL injection
string query = "Insert INTO employee(emp_id) Values('" + ls_valor + "')" // Possible SQL injection
string query = "SELECT emp_id FROM employee WHERE " + ls_where // Possible SQL injection
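
A compliant counterpart to the four statements above, as an added example that is not part of the original rule page. It uses Python with `sqlite3` so it runs stand-alone; the table layout, the `dept` column, the `FILTERABLE` allow-list and all function names are assumptions.

```python
import sqlite3

# Assumed policy: the only columns a caller may filter on.
FILTERABLE = {"emp_id", "dept"}

def delete_employee(conn, emp_id):
    # The value travels as a bound parameter, never as SQL text.
    return conn.execute("DELETE FROM employee WHERE emp_id = ?", (emp_id,)).rowcount

def find_user(conn, username):
    return conn.execute("SELECT * FROM Users WHERE Username = ?", (username,)).fetchall()

def insert_employee(conn, emp_id):
    conn.execute("INSERT INTO employee(emp_id) VALUES (?)", (emp_id,))

def select_emp_ids(conn, filters):
    # Replaces the free-form WHERE string (ls_where): column names must be
    # on the allow-list, and every value is bound.
    clauses, params = [], []
    for column, value in filters.items():
        if column not in FILTERABLE:
            raise ValueError(f"filter on {column!r} is not allowed")
        clauses.append(f"{column} = ?")
        params.append(value)
    sql = "SELECT emp_id FROM employee"
    if clauses:
        sql += " WHERE " + " AND ".join(clauses)
    return [row[0] for row in conn.execute(sql + " ORDER BY emp_id", params)]

def demo():
    # Constructed in-memory data for illustration.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (emp_id TEXT PRIMARY KEY, dept TEXT)")
    conn.execute("CREATE TABLE Users (Username TEXT)")
    conn.executemany("INSERT INTO employee VALUES (?, ?)", [("e1", "ops"), ("e2", "dev")])
    conn.execute("INSERT INTO Users VALUES ('alice')")
    hostile = "x' OR '1'='1"  # constructed input containing SQL syntax
    return {
        "deleted": delete_employee(conn, hostile),   # matched as a literal: no rows
        "users": find_user(conn, hostile),
        "remaining": select_emp_ids(conn, {}),
        "ops": select_emp_ids(conn, {"dept": "ops"}),
        "conn": conn,
    }
```

Binding covers the first three statements; the fourth needs the allow-list as well, because a column name or a whole condition cannot be passed as a bound parameter.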