SQL Injection | Community
January 22, 2013
Solved

SQL Injection


Hi

I don't find anything on the community about SQL injection risks on Marketo forms.
I assume this is because Marketo is safe from those risks.
Can someone confirm?
 

Many thanks in advance


4 replies

Accepted solution
January 22, 2013
I've never seen any -1's come through anywhere I wasn't expecting them. And it's not like you can echo field values straight to a query in a landing page; there's a ton of script handling in between the service and your page.
January 22, 2013
Thanks CraiGrrr for your reply, feel better now :)
January 22, 2013
The biggest risk would be PHP code injection. The HTML block disables PHP tags.

January 22, 2013
Just to follow up on this: we do outside security audits that check for this type of issue (and others!) and carefully review code changes to ensure we aren't introducing these sorts of risks. All user input data is carefully handled and never used in a SQL statement without being properly escaped.