9 repositories
Use of prepared statements to separate data from commands.
Distinguishing note: Specifically addresses the mechanism of parameterization rather than general injection prevention.
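The mechanism described above, as an added example that is not part of this page or of any project listed on it: a Python script using only the standard-library sqlite3 module, with constructed sample rows and a constructed tautology payload. It contrasts string concatenation with positional and named parameter binding, shows that binding also removes the need for ad-hoc quote escaping, and demonstrates the mechanism's limit (a parameter is a value; identifiers and keywords cannot be bound) together with the allowlist that is the correct workaround. The table, column names and helper functions are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample rows for the demonstration; not a real application schema.
SAMPLE_USERS = [("bob", "user"), ("alice", "admin"), ("carol", "user")]

# Column names permitted in ORDER BY. Identifiers cannot be bound as parameters,
# so the only safe way to accept one from a caller is an allowlist.
ALLOWED_SORT_COLUMNS = {"username", "role"}

# Classic tautology payload, constructed for the demonstration.
PAYLOAD = "x' OR '1'='1"


def make_db():
    """Create an in-memory SQLite database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (username, role) VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_concat(conn, username):
    """VULNERABLE: the value is spliced into the statement text, so the SQL parser
    sees attacker-controlled input as part of the command."""
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_positional(conn, username):
    """Parameterized: the statement text is fixed before the value is supplied;
    the value is bound separately and is only ever treated as a literal."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def lookup_named(conn, username):
    """The same separation with a named placeholder (sqlite3 ':name' style)."""
    sql = "SELECT username, role FROM users WHERE username = :username"
    return conn.execute(sql, {"username": username}).fetchall()


def add_user(conn, username, role):
    """Parameters also fix correctness: a quote inside the data needs no escaping."""
    conn.execute("INSERT INTO users (username, role) VALUES (?, ?)", (username, role))
    conn.commit()
    return lookup_positional(conn, username)


def identifier_as_parameter(conn, table):
    """The limit of the mechanism: a parameter is a value, not an identifier or
    keyword, so binding a table name yields a syntax error, not a query."""
    try:
        conn.execute("SELECT count(*) FROM ?", (table,))
        return "executed"
    except sqlite3.OperationalError:
        return "rejected"


def list_sorted(conn, column):
    """Correct handling of a caller-chosen identifier: allowlist it first, then
    interpolate the now-trusted name into the statement text."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    return [row[0] for row in conn.execute(f"SELECT username FROM users ORDER BY {column}")]


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_concat(db, PAYLOAD))      # every row leaks
    print("positional:  ", lookup_positional(db, PAYLOAD))  # [] - payload is just a literal
    print("named:       ", lookup_named(db, "alice"))
    print("quoted data: ", add_user(db, "o'brien", "user"))
    print("FROM ?:      ", identifier_as_parameter(db, "users"))
    print("allowlisted: ", list_sorted(db, "username"))
```

The same distinction applies to every driver and query builder on this page: a placeholder in the statement text stands for a value, never for a table, column, or keyword, which is why ORDER BY direction, column selection, and LIMIT-style structural choices still need validation in application code.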
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Uses prepared statements to separate data from commands, preventing injection attacks.
Knex is a multi-dialect database client that provides a programmatic SQL query builder, a connection pool manager, and a versioned schema migration tool. It enables programmatic database interaction across multiple SQL engines, including PostgreSQL, MySQL, SQLite3, SQL Server, CockroachDB, and Oracle. The project distinguishes itself through a fluent interface for constructing complex SQL statements and a dedicated framework for database seeding. It utilizes specialized dialects to translate generic query representations into database-specific syntax while maintaining a consistent API across
Uses prepared statements and parameterized query binding to separate data from commands and prevent SQL injection.
Dapper is a lightweight object-relational mapper for .NET that functions as a high-performance data access library. It operates by extending standard database connection interfaces, allowing developers to execute raw SQL queries while automating the mapping of database results to strongly-typed objects. The library distinguishes itself through its use of runtime code generation, which creates high-performance instructions to map database rows to object properties with minimal overhead. It provides flexible data retrieval options, supporting both memory-buffered loading for speed and row-by-ro
Ensures security and performance by separating SQL command strings from data values using database-native parameter binding.
Neo4j is a native graph database management system designed to store and query highly connected data using a property-graph model. It provides an ACID-compliant transaction engine that ensures data integrity, supported by a distributed cluster architecture that maintains causal consistency across nodes. Users interact with the system through a declarative query language, which allows for complex pattern matching and path traversal without requiring manual traversal logic. The platform distinguishes itself through its hybrid approach to data retrieval, combining traditional graph-based queries
Uses query parameterization to improve performance and prevent injection vulnerabilities.
This project is a Node.js client for PostgreSQL databases, providing a protocol parser to translate raw binary streams into JavaScript objects. It serves as a driver for executing queries, managing data, and integrating Node.js applications with PostgreSQL backends. The library includes a connection pool manager to reduce network overhead by caching reusable connections and a result streamer that uses cursors to retrieve large datasets incrementally. It also functions as an event listener for subscribing to asynchronous server-side notifications to trigger real-time application events. Broad
Uses parameterized queries to separate data from SQL commands, protecting against injection attacks.
CodeIgniter is a PHP web framework built on the Model-View-Controller pattern, designed for building full-stack web applications. It provides a lightweight toolkit with minimal configuration, organizing application logic into controllers, models, and views for clean separation of concerns. The framework includes a fluent query builder for constructing SQL statements programmatically, PSR-4 autoloading with namespace mapping, and a service-based dependency injection container for managing shared class instances. The framework distinguishes itself through its comprehensive set of built-in tools
Replaces placeholders in SQL strings with escaped values using positional and named bindings; this is client-side escaping and substitution into the statement text rather than server-side parameter binding, so correctness depends on the escaping routine matching the database's quoting rules.
This project is a MySQL database driver for Node.js that establishes network connections over the native wire protocol and executes SQL queries. It acts as an asynchronous SQL client, offering a Promise-based query interface and support for the async/await pattern to manage non-blocking database operations. The library includes a complete implementation of the MySQL protocol and can serve as a toolkit for building custom database servers, proxies, or clients. It also functions as a connection pool manager and an injection-prevention tool, using prepared statements and parameterized queries to protect database interactions. The project covers a broad range of database integration features, including atomic transaction coordination, binary log streaming, and tabular data streaming for bulk imports. It manages resource lifecycles through automatic connection cleanup and offers multiple authentication mechanisms, such as password hash verification and secure handshake negotiation. Connectivity is further supported by SSL encryption, network traffic compression, and the ability to route traffic through custom duplex streams.
Implements prepared statements to separate query logic from data, preventing SQL injection attacks.
Apache AGE is a graph database extension for PostgreSQL that adds openCypher graph query capabilities directly within the relational database environment. It functions as a loadable extension that translates Cypher graph traversal queries into SQL expressions, enabling users to run pattern matching and path analysis alongside standard SQL operations within a single database instance. The extension stores labeled, directed property graphs as isolated schemas with internal relational tables for vertices, edges, and labels, preventing cross-graph interference. It supports hybrid query execution
Passes parameter maps to Cypher queries for prepared statement reuse and injection prevention.
Velociraptor is a digital forensics and incident response platform, endpoint detection and response system, and visibility tool. It provides a query engine and remote forensic collector used to hunt for indicators of compromise and perform triage across a fleet of hosts. The system is distinguished by its specialized query language for interrogating host state and parsing binary files. It features a notebook environment that combines markdown documentation with executable query cells to standardize investigative workflows and enable collaborative reporting. The platform covers a wide range o
Provides the ability to define customizable variables in collection tasks to modify query behavior without altering the underlying logic.