https://www.secdev.uk/blog/tags/sql-injection/ Recent content in SQL Injection on guy@secdev.uk Hugo en-gb Guy Dixon | guy@secdev.uk Sat, 04 Jan 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-01-04-sql-injection-across-languages/ Sat, 04 Jan 2025 00:00:00 +0000 https://www.secdev.uk/blog/technology/2025-01-04-sql-injection-across-languages/ <p>SQL injection is one of those vulnerability classes that refuses to go away, no matter how much the industry talks about it. I&rsquo;ve been digging into how it manifests across different languages, Python, Java, Go, and JavaScript, and the root cause is always the same: untrusted input reaches a SQL query without proper parameterization. But the way developers introduce it varies wildly depending on the framework, ORM, and idioms of each language. In this post, I want to walk through real examples across these four languages, showing both the obvious patterns that any reviewer would catch and the subtle ones that slip through code review more often than you&rsquo;d expect.</p>