3 quizzes found.

SQL Injections can be best prevented using which of the following database technologies?

  1. All of the above
  2. Prepared Statements
  3. Persistent Connections
  4. Unbuffered Queries
  5. Query escaping

Choose 1 answer

John works as a professional Ethical Hacker. He has been assigned a project to test the security of www.we-are-secure.com. On the We-are-secure login page, he enters ='or''=' as a username and successfully logs in to the user page of the Web site. The We-are-secure login page is vulnerable to a __________.

  1. Land attack
  2. Replay attack
  3. Dictionary attack
  4. SQL injection attack

Choose 1 answer

You run the following PHP script. What is the use of the mysql_real_escape_string() function in this script?

<?php
$name = mysql_real_escape_string($_POST["name"]);
$password = mysql_real_escape_string($_POST["password"]);
?>
  1. It can be used as a countermeasure against a SQL injection attack
  2. It escapes all special characters from strings $_POST["name"] and $_POST["password"] except ' and "
  3. It escapes all special characters from strings $_POST["name"] and $_POST["password"]
  4. It can be used to mitigate a cross-site scripting attack

Choose 2 answers