Knowledge Base
v3.11.1
How does MetaDefender Managed File Transfer protect against injection attacks?
How We Prevent SQL Injection
We design the system so that anything you type is treated as harmless data, not as instructions to the database. Here are the safeguards working for you:
- Safe database access: We use placeholders ("parameters") so your input never becomes a command.
- Approved search and sort options: Only known, whitelisted choices are allowed; unexpected values are ignored or sanitized.
- Server-built queries: Flexible queries are assembled from validated pieces on the server, not directly from user-entered text.
- Modern frameworks: Our data access frameworks automatically send your input separately from the SQL instructions.
- Safe error handling: Error messages avoid exposing details about the database or internal systems.
- Ongoing protection: We regularly review, test, and improve these safeguards to keep them effective.
What this means for you: special characters (like quotes or symbols) won’t turn into harmful commands, and your actions are processed safely without requiring you to do anything special.
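
The first three safeguards can be seen together in a short sketch. This is an added example, not MetaDefender Managed File Transfer code: it assumes Python's built-in `sqlite3` module, and the `files` table, its rows, and all function and option names are constructed for illustration.

```python
import sqlite3

# Allow-list: user-facing option -> fixed SQL fragment (hypothetical names).
SORT_COLUMNS = {"name": "name", "size": "size_bytes", "uploaded": "uploaded_at"}
SORT_DIRECTIONS = {"asc": "ASC", "desc": "DESC"}


def make_demo_db():
    """In-memory table filled with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE files (name TEXT, size_bytes INTEGER, uploaded_at TEXT)")
    db.executemany(
        "INSERT INTO files VALUES (?, ?, ?)",
        [("report.pdf", 900, "2024-01-03"),
         ("o'brien.txt", 120, "2024-01-01"),
         ("report-draft.pdf", 450, "2024-01-02")],
    )
    return db


def search_files_concatenated(db, term):
    """Anti-pattern for contrast: the input is pasted into the SQL text."""
    sql = "SELECT name FROM files WHERE name LIKE '%" + term + "%'"
    return [row[0] for row in db.execute(sql)]


def search_files(db, term, sort="name", direction="asc"):
    """Server-built query: identifiers from the allow-list, the term bound as data."""
    column = SORT_COLUMNS.get(sort, "name")  # unexpected value -> safe default
    order = SORT_DIRECTIONS.get(str(direction).lower(), "ASC")
    # ORDER BY targets cannot be bound as parameters, so only allow-listed
    # fragments reach the SQL text; the search term travels separately via "?".
    sql = f"SELECT name FROM files WHERE name LIKE ? ORDER BY {column} {order}"
    return [row[0] for row in db.execute(sql, (f"%{term}%",))]


if __name__ == "__main__":
    db = make_demo_db()
    print(search_files(db, "o'brien"))                 # quote is matched literally
    print(search_files(db, "report", "size", "desc"))
    print(search_files(db, "report", "owner"))         # unknown sort -> name
    try:
        search_files_concatenated(db, "o'brien")
    except sqlite3.OperationalError as exc:
        print("concatenated query broke on a quote:", exc)
```

With the bound parameter, the apostrophe in `o'brien` is only ever compared against stored names; in the concatenated version the same character ends the string literal early and the database rejects the statement.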
