SQL Injection

SQL injection is an application security weakness that might destroy your database.

SQL injection usually occurs when you ask a user for input, like UserName OR UserId, and instead of a Name OR Id, the user gives you an SQL statement that you will unknowingly run on your database.

SQL Injection Based on 1=1 is Always True

Below mentioned command will return ALL rows from the "USERS" table, since OR 1=1 is always TRUE.


If the "USERS" table contains names & passwords

SELECT UserId, Name, Password FROM USERS WHERE UserID = 100 OR 1=1;

A hacker might get access to all the user names and passwords in a database, by simply inserting 100 OR 1=1 into the input field.

SQL Injection Statement

  • SQL Injection is one of the most common web hacking techniques.
  • The SQL Injection allows attackers to control an application’s database.
  • SQL injection is the placement of malicious code in SQL statements, via web page input.

The Different Types of SQL Injection

  1. Error-Based SQL Injection
  2. Boolean-Based SQL Injection
  3. Time-Based SQL Injection

Advertise With Us

We offer sponsored posts and guest posts with do-follow links, back-links, and other advertising services, To advertise email us at ""

© 2021 GDATAMART.COM (All Rights Reserved)