If you’re a computer programmer, you probably know Stack Overflow. It’s a very popular and really handy question-and-answer website devoted to answering programming questions.
In other words, if you find yourself in a fix trying to get your brain around a knotty PHP problem, there’s bound to be some helpful soul who knows the answer and will either answer your question or already answered a similar question in the past.
So, all you have to do is go to Stack Overflow and get the answer you need. Right?
Well, hold your horses for one second.
Because have you ever considered that the code you are being offered might (unintentionally) contain a serious security flaw – such as being vulnerable to exploitation via SQL injection?
Laurent Cozic has published a project that examines PHP questions on Stack Overflow, and highlights those that contain SQL injection vulnerabilities. And with some nifty graphical charts he gives an indication of the scale of the problem.
It’s clear to see that approximately 1000 PHP-related questions on Stack Overflow contain SQL injection vulnerabilities every month.
Just how bad is that?
Well, as a proportion of all PHP MySQL-related questions, SQL injection vulnerabilities amount to around 40-50%.
Ouch! With figures like this is it any wonder that so many business websites are still shamefully spilling their customer details to such rudimentary hacking tricks as SQL injection?
Of course, it’s worth bearing in mind that Stack Overflow doesn’t have a monopoly in offering bad advice. You could cut-and-paste a SQL injection from any number of sites offering advice on the internet.
So don’t be lazy. Always do your own checking of code you’re borrowing from someone else before you use it. Copy-and-pasting code without thinking can do a lot of harm.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.