How to protect against SQL injection in a PowerShell script

      I am trying to write a simple GUI with a login to a database. I have a problem protecting it against SQL injection.

      How can I use parameters in the query for the login and password?

      This is part of my script:

      function Get-ODBC-Data {
          param([string]$query = $(throw 'query is required.'))

          # Open an ODBC connection to the PostgreSQL server
          $conn = New-Object System.Data.Odbc.OdbcConnection
          $conn.ConnectionString = "Driver={PostgreSQL Unicode(x64)};Server=1.2.3.4;Port=1234;Database=dbname;Uid=user;Pwd=pass;"
          $conn.Open()

          # Run the query text as given and load the result into a DataSet
          $cmd = New-Object System.Data.Odbc.OdbcCommand($query, $conn)
          $ds = New-Object System.Data.DataSet
          (New-Object System.Data.Odbc.OdbcDataAdapter($cmd)).Fill($ds) | Out-Null
          $conn.Close()

          $ds.Tables[0]
      }

      $login = Show-InputForm "aaaa" "Username" "Password*"
      $user = $login[0]
      $password = $login[1]

      # The user name and password are interpolated directly into the SQL string
      $query = "SELECT * FROM aaa WHERE user='$user' and password='$password'"
      $result = Get-ODBC-Data -query $query
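One way to do what the question asks, as an added example that is not part of the original post: the SQL text contains only `?` placeholders and the user name and password are bound through `OdbcCommand.Parameters`, so the driver treats them as data, never as SQL. The function name `Get-OdbcDataSafe`, its parameter names and the sample values are assumptions; the connection string, table and column names are the placeholders from the post.

```powershell
# Added example. Get-OdbcDataSafe and its parameter names are hypothetical.
function Get-OdbcDataSafe {
    param(
        [Parameter(Mandatory)][string]$ConnectionString,
        [Parameter(Mandatory)][string]$Query,   # SQL text with ? placeholders only
        [object[]]$Values = @()                 # bound in order, one value per ?
    )
    $conn = New-Object System.Data.Odbc.OdbcConnection($ConnectionString)
    $cmd  = New-Object System.Data.Odbc.OdbcCommand($Query, $conn)
    try {
        $i = 0
        foreach ($v in $Values) {
            # ODBC binds parameters by position; the name is only a label.
            $p = $cmd.Parameters.Add("p$i", [System.Data.Odbc.OdbcType]::NVarChar)
            $p.Value = if ($null -eq $v) { [DBNull]::Value } else { [string]$v }
            $i++
        }
        $conn.Open()
        $ds = New-Object System.Data.DataSet
        $adapter = New-Object System.Data.Odbc.OdbcDataAdapter($cmd)
        [void]$adapter.Fill($ds)
        $ds.Tables[0].Rows
    }
    finally {
        # Release the command and connection even if the query throws.
        $cmd.Dispose()
        $conn.Dispose()
    }
}

# Connection string as posted in the question (placeholder host and credentials).
$connString = "Driver={PostgreSQL Unicode(x64)};Server=1.2.3.4;Port=1234;Database=dbname;Uid=user;Pwd=pass;"

# Single-quoted so PowerShell does no interpolation. "user" is double-quoted
# because USER is a reserved word in PostgreSQL.
$query = 'SELECT * FROM aaa WHERE "user" = ? AND password = ?'

# Constructed sample input; in the script these come from Show-InputForm.
$user     = "o'brien"          # the quote character stays part of the value
$password = "x' OR '1'='1"     # compared as a literal string, not parsed as SQL

$rows = Get-OdbcDataSafe -ConnectionString $connString -Query $query -Values $user, $password
if (@($rows).Count -eq 1) { 'login ok' } else { 'login failed' }
```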