(default) SQL Injection (SQLi) in Parameter Value
Deny Rule Group – (default) SQL Injection (SQLi) in Parameter Value

SQLI_PARAM_VALUE

The group contains SQL injection deny rules for parameter values. The security level Basic prevents injection of new SQL statements (e.g. ; DROP TABLE) and set operations (e.g. UNION SELECT). The security level Standard further prevents injection of SQL sub queries and SQL expressions in single quote context (e.g. ' or 1=1--). The security level Strict further prevents SQLi in unquoted context (e.g. 1 or 1).

Included Deny Rules

Rule name
Basic
Standard
Strict
(default SQL_001a) Expression in unquoted context in parameter value
Icon - ON
(default SQL_005a) Expression in quoted context in parameter value
Icon - ON
Icon - ON
(default SQL_020a) Statement in C style comment tag in parameter value
Icon - ON
Icon - ON
Icon - ON
(default SQL_025a) New statement in unquoted context in parameter value
Icon - ON
Icon - ON
(default SQL_030a) New statement in quoted context in parameter value
Icon - ON
Icon - ON
Icon - ON
(default SQL_040a) Sub query in bracket context in parameter value
Icon - ON
(default SQL_045a) Sub query in parameter value
Icon - ON
Icon - ON
(default SQL_050a) Condition elimination in unquoted context in parameter value
Icon - ON
(default SQL_055a) Condition elimination in quoted context in parameter value
Icon - ON
Icon - ON
(default SQL_060a) Set operator in parameter value
Icon - ON
Icon - ON
Icon - ON
(default SQL_065a) Special SQL keywords
Icon - ON
Icon - ON