9 repositories
Use of prepared statements to separate data from commands.
Distinguishing note: Specifically addresses the mechanism of parameterization rather than general injection prevention.
9 GitHub repositories matching security & cryptography · Query Parameterization.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Uses prepared statements to separate data from commands, preventing injection attacks.
Knex is a multi-dialect database client that provides a programmatic SQL query builder, a connection pool manager, and a versioned schema migration tool. It enables programmatic database interaction across multiple SQL engines, including PostgreSQL, MySQL, SQLite3, SQL Server, CockroachDB, and Oracle. The project distinguishes itself through a fluent interface for constructing complex SQL statements and a dedicated framework for database seeding. It utilizes specialized dialects to translate generic query representations into database-specific syntax while maintaining a consistent API across
Uses prepared statements and parameterized query binding to separate data from commands and prevent SQL injection.
Dapper is a lightweight object-relational mapper for .NET that functions as a high-performance data access library. It operates by extending standard database connection interfaces, allowing developers to execute raw SQL queries while automating the mapping of database results to strongly-typed objects. The library distinguishes itself through its use of runtime code generation, which creates high-performance instructions to map database rows to object properties with minimal overhead. It provides flexible data retrieval options, supporting both memory-buffered loading for speed and row-by-ro
Ensures security and performance by separating SQL command strings from data values using database-native parameter binding.
Neo4j is a native graph database management system designed to store and query highly connected data using a property-graph model. It provides an ACID-compliant transaction engine that ensures data integrity, supported by a distributed cluster architecture that maintains causal consistency across nodes. Users interact with the system through a declarative query language, which allows for complex pattern matching and path traversal without requiring manual traversal logic. The platform distinguishes itself through its hybrid approach to data retrieval, combining traditional graph-based queries
Uses query parameterization to improve performance and prevent injection vulnerabilities.
This project is a Node.js client for PostgreSQL databases, providing a protocol parser to translate raw binary streams into JavaScript objects. It serves as a driver for executing queries, managing data, and integrating Node.js applications with PostgreSQL backends. The library includes a connection pool manager to reduce network overhead by caching reusable connections and a result streamer that uses cursors to retrieve large datasets incrementally. It also functions as an event listener for subscribing to asynchronous server-side notifications to trigger real-time application events. Broad
Uses parameterized queries to separate data from SQL commands, protecting against injection attacks.
CodeIgniter is a PHP web framework built on the Model-View-Controller pattern, designed for building full-stack web applications. It provides a lightweight toolkit with minimal configuration, organizing application logic into controllers, models, and views for clean separation of concerns. The framework includes a fluent query builder for constructing SQL statements programmatically, PSR-4 autoloading with namespace mapping, and a service-based dependency injection container for managing shared class instances. The framework distinguishes itself through its comprehensive set of built-in tools
Replaces placeholders in SQL strings with escaped values using positional and named bindings.
This project is a MySQL database driver for Node.js that establishes network connections and executes SQL queries using the native wire protocol. It works as an asynchronous SQL client, providing a promise-based query interface and support for async/await patterns to manage non-blocking database operations. The library includes a complete implementation of the MySQL protocol and can serve as a building block for custom database servers, proxies, or clients. It also acts as a connection pool manager and an injection-prevention tool, using prepared statements and parameterized queries to secure database interactions. The project covers a broad range of database integration capabilities, including atomic transaction coordination, binary log streaming, and tabular data streaming for bulk import. It manages resource lifecycles through automated connection cleanup and provides various authentication mechanisms, such as password-hash authentication and secure handshake negotiation. Connectivity is further supported by SSL encryption, network traffic compression, and the ability to route traffic over custom duplex streams.
Implements prepared statements to separate query logic from data, preventing SQL injection attacks.
Apache AGE is a graph database extension for PostgreSQL that adds openCypher graph query capabilities directly within the relational database environment. It functions as a loadable extension that translates Cypher graph traversal queries into SQL expressions, enabling users to run pattern matching and path analysis alongside standard SQL operations within a single database instance. The extension stores labeled, directed property graphs as isolated schemas with internal relational tables for vertices, edges, and labels, preventing cross-graph interference. It supports hybrid query execution
Passes parameter maps to Cypher queries for prepared statement reuse and injection prevention.
Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o
Provides the ability to define customizable variables in collection tasks to modify query behavior without altering the underlying logic.