SOLVED

SQL Injection

Go to solution
Anonymous
Not applicable

SQL Injection

Hi

I dont find anything on the community about sql injection risks on Marketo forms.
I assume this is because Marketo is safe from those risks.
Can someone confirm?
 

Many thanks in advance

Tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
Anonymous
Not applicable

Re: SQL Injection

I've never seen any -1's come through anywhere I wasn't expecting them.  And it's not like you can echo field values straight to a query in a landing page, there's a ton of script handling in between the service and your page.

View solution in original post

4 REPLIES 4
Anonymous
Not applicable

Re: SQL Injection

I've never seen any -1's come through anywhere I wasn't expecting them.  And it's not like you can echo field values straight to a query in a landing page, there's a ton of script handling in between the service and your page.

View solution in original post

Anonymous
Not applicable

Re: SQL Injection

Thanks CraiGrrr for your reply, feel better now 🙂
Anonymous
Not applicable

Re: SQL Injection

The biggest risk would be PHP code injection. The HTML block disables PHP tags.

Anonymous
Not applicable

Re: SQL Injection

Just to follow up on this- we do outside security audits that check for this type of issue (and others!) and carefully review code changes to ensure we aren't introducing these sorts of risks. All user input data is carefully handled and never used in a SQL statement without being properly escaped.