

Ask HN: Testing your own sites for SQL Injection and XSS - mootothemax

Hi everyone,

I'm getting a bit paranoid about some of my web apps being open to SQL injection and XSS. I'm using http://htmlpurifier.org/ to scrub inputs where necessary, but when it comes to SQL injection, I only know the absolute basics.

Do you test your apps using any tools? If so, which ones?

Likewise, what SQL injection tests do you run to make sure that you're not open to - at best - any of the more common attacks?

Thanks,
Tom.
======
cjzhang
<http://rosettacode.org/wiki/Parametrized_SQL_statement>

But no, seriously, you should be using a library or something that sanitizes
your SQL queries for you. If you aren't constructing the query string
yourself, you should be okay.
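To make cjzhang's point concrete, here is an added example (not code from either poster) that puts a string-concatenated login query next to a parameterized one and feeds both the two classic payloads Tom asked about. The users table, the credentials and the `login_*` function names are constructed for the example; it uses only Python's standard `sqlite3` module, so it runs offline.

```python
import sqlite3

# Constructed sample data for the example; not from the original thread.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]

# Two classic probes: a tautology, and a quote-then-comment that
# truncates the rest of the WHERE clause.
PAYLOADS = ["' OR '1'='1", "alice'--"]


def make_db():
    """In-memory SQLite database with a tiny users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Builds the query by string formatting: user text becomes SQL syntax."""
    sql = ("SELECT name FROM users WHERE name = '%s' AND password = '%s'"
           % (name, password))
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    """Parameterized query: the driver sends values separately from the
    statement, so a quote in the input is just a quote character."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


def probe(conn, login):
    """Self-test in the spirit of Tom's question: return the payloads for
    which `login` yields a row although no real credential was supplied."""
    hits = []
    for payload in PAYLOADS:
        if login(conn, payload, payload) or login(conn, payload, "wrong"):
            hits.append(payload)
    return hits


def demo():
    conn = make_db()
    tautology = PAYLOADS[0]
    return {
        # Concatenation: WHERE name = '' OR '1'='1' AND password = '' OR '1'='1'
        # is true for every row, so both users come back.
        "vulnerable": login_vulnerable(conn, tautology, tautology),
        # Parameterized: no user is literally named "' OR '1'='1".
        "safe": login_safe(conn, tautology, tautology),
        # The safe version still works for real credentials.
        "legit": login_safe(conn, "alice", "s3cret"),
        # Which payloads slip past each implementation.
        "vulnerable_hits": probe(conn, login_vulnerable),
        "safe_hits": probe(conn, login_safe),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

One caveat worth keeping in mind: placeholders only bind values. Table and column names, or a user-chosen ORDER BY column, cannot be parameterized, so those still have to be checked against an allow-list before they go anywhere near the query string.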

