Sql injection articles

12/28/2025 • EN

Substack Network error = security content they don't allow to be sent

Author details how Substack's content filter blocked a newsletter containing a SQL injection exploit example, citing a 'Network error'.

Content Filtering Network Error security sql injection Substack

Simon Willison

12/18/2025 • EN

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain

Analysis of a complex RCE attack chain in PostHog exploiting SSRF, a ClickHouse SQL 0day, and default PostgreSQL credentials.

Clickhouse postgresql Rce sql injection Ssrf

Simon Willison

8/27/2025 • EN

Adobe ColdFusion Bug: CFQuery Tag Leaks SQL To Output Within Array Iteration

A technical article detailing a bug in Adobe ColdFusion where the CFQuery tag leaks SQL statements into the page output during array iteration.

array iteration bug cfquery coldfusion sql injection

Ben Nadel

8/19/2024 • EN

FormattableStringFactory - Creating dynamic FormattableString instances

Explains how to use FormattableStringFactory in C# to create dynamic SQL queries safely with Entity Framework Core, preventing SQL injection.

c Dynamic SQL Entity Framework Core Formattablestring sql injection

Steven Giesel

6/17/2024 • EN

Are my EF LINQ to SQL queries safe?

Explains how Entity Framework protects against SQL injection in LINQ queries but warns of risks when using raw SQL, highlighting safer alternatives.

c Entity Framework linq orm sql injection

Steven Giesel

11/2/2022 • EN

Infographics Compendium III - Exceptions, EF Sanitized, Operators, ...

A collection of technical infographics covering .NET, C#, Entity Framework, exceptions, operators, and query safety.

c debugging Entity Framework linq sql injection

Steven Giesel

8/12/2022 • EN

Be Careful Of Transliteration

Explains how Unicode transliteration can bypass security measures like rate limiting in Laravel apps and how to fix it.

Laravel Rate Limiting security sql injection Transliteration

Stephen Rees-Carter

10/30/2021 • EN

Why Parameterised Queries Are Important

Explains the importance of parameterised queries in Laravel to prevent SQL injection attacks, making database interactions secure.

Database Security Laravel Parameterized Queries Query Builder sql injection

Stephen Rees-Carter

9/30/2019 • EN

Preventing SQL Injection Attacks With Python

Explains how to prevent SQL injection in Python using psycopg2's low-level sql.Identifier and sql.Literal functions for safe query building.

Database Security orm Psycopg2 Python sql injection

Haki Benita

8/15/2019 • EN

SQL Server 2019: Feature Restrictions

Explores SQL Server 2019's new 'Feature Restrictions' security feature, designed to help prevent SQL injection attacks.

database Feature Restrictions security sql injection SQL Server 2019

Niko Neugebauer

4/10/2019 • EN

Unsafe SQL functions in Laravel

Explains SQL injection risks in Laravel's query builder, focusing on unsafe functions like addSelect and JSON shorthand, with a fixed vulnerability example.

database Laravel Query Builder security sql injection

Brent

Sql injection Articles

Substack Network error = security content they don't allow to be sent

Inside PostHog: How SSRF, a ClickHouse SQL Escaping 0day, and Default PostgreSQL Credentials Formed an RCE Chain

Adobe ColdFusion Bug: CFQuery Tag Leaks SQL To Output Within Array Iteration

FormattableStringFactory - Creating dynamic FormattableString instances

Are my EF LINQ to SQL queries safe?

Infographics Compendium III - Exceptions, EF Sanitized, Operators, ...

Be Careful Of Transliteration

Why Parameterised Queries Are Important

Preventing SQL Injection Attacks With Python

SQL Server 2019: Feature Restrictions

Unsafe SQL functions in Laravel

Select Language