Safeguard
Tag

sql-injection

Safeguard articles tagged "sql-injection" — guides, analysis, and best practices for software supply chain and application security.

46 articles

Industry Analysis

SQL Injection Prevention in Java with PreparedStatement

Java teams still ship SQL injection bugs despite PreparedStatement being free and built into the JDK since 1997. Here is how it works and where it fails.

Oct 27, 20258 min read
Industry Analysis

SQL Injection Prevention in Python with Parameterized Que...

SQL injection remains widespread in Python apps despite decades-old fixes. Here's how parameterized queries actually prevent it, and where ORMs still leave gaps.

Oct 27, 20257 min read
Industry Analysis

SQL Injection Prevention in Node.js/JavaScript

SQL injection still hits Node.js apps through raw drivers, Sequelize, Prisma, and Knex alike. Here's how it happens, what safe queries look like, and how to catch it in CI.

Oct 27, 20259 min read
Industry Analysis

SQL Injection Prevention in Go with database/sql Prepared...

How Go's database/sql prepared statements prevent SQL injection, where developers still get it wrong with dynamic queries and ORMs, and how Safeguard catches these gaps in code review.

Oct 26, 20258 min read
Regulatory Compliance

SQL Injection Prevention in C# with Entity Framework/LINQ

EF Core's LINQ layer parameterizes queries by default, but FromSqlRaw, ExecuteSqlRaw, and dynamic sort columns still open real SQL injection risk in .NET apps.

Oct 26, 20258 min read
Industry Analysis

SQL Injection Prevention in PHP with Parameterized Queries

Parameterized queries stop SQL injection in PHP by separating code from data. Here's how PDO and MySQLi prepared statements work, and where they still fail.

Oct 26, 20258 min read
Industry Analysis

SQL Injection Prevention in Ruby with exec_params Binding

Ruby's pg gem makes SQL injection preventable with one method change. Here's how exec_params binds parameters, why Rails CVEs keep recurring, and how to migrate safely.

Oct 26, 20257 min read
Industry Analysis

SQL Injection Prevention in Rust with sqlx

sqlx blocks SQL injection by default with compile-time query checks and bind parameters — but format!() and raw SQL calls can still reopen the gap. Here's how to audit for it.

Oct 25, 20257 min read
Industry Analysis

SQL Injection Prevention in C++ with SQLite Bind Parameters

How sqlite3_bind_text() stops SQL injection in C++ apps, common mistakes with bind parameters, and how to audit existing SQLite code for injection risk.

Oct 25, 20257 min read
Vulnerability Analysis

CVE-2020-9402: SQL injection via Django GIS functions

CVE-2020-9402 let attackers inject SQL through GeoDjango's tolerance parameter on Oracle backends. Here's what's affected, severity context, and how to remediate.

Oct 8, 20259 min read
Vulnerability Analysis

CVE-2022-34265: SQL injection via Trunc/Extract database ...

A technical breakdown of CVE-2022-34265, the Django SQL injection flaw in Trunc() and Extract(), covering affected versions, risk, and remediation steps.

Oct 8, 20257 min read
Application Security

How Snyk Code detects SQL injection vulnerabilities step ...

A mechanical, publicly-documented look at how Snyk Code's symbolic analysis and ML model trace source-to-sink data flow to detect SQL injection vulnerabilities.

Sep 13, 20258 min read
sql-injection (Page 3) — Safeguard Blog