T-SQL, string injection, REPLACE(@myVariable, '''', '''''') approach? Once and for all

I see there are forums about this question, but everywhere, I fail to see the answer I am looking for.
I have a stored procedure whose purpose is to execute a dynamic SQL statement.
It uses a cursor which makes it a single point where on…

A runtime sometimes converts string arguments (or string returns) from WTF-16 to UTF-16 between functions in a call stack. Is this a security concern?

Suppose that we have this code (in TypeScript syntax):
function one(str: string): string {
    // do something with the string
    return str
}

function two() {
    let s = getSomeString() // returns some unknown string that may contain surroga…

When parsing a string to a BigDecimal or BigInteger in Java, or BigInt in JavaScript, are there any known security issues around this?

When parsing a string to a BigDecimal or BigInteger in Java, or BigInt in JavaScript, are there any known security issues around this? Like if you take in the string without validating it’s just numbers, is there any risk?
Are there any kn…