SQL Injection

SQL injection is an application security weakness that might destroy your database.

SQL injection usually occurs when you ask a user for input, such as a user name or user ID, and instead of a name or ID the user supplies an SQL statement that you unknowingly run on your database.

SQL Injection Based on 1=1 is Always True

The following statement returns ALL rows from the "USERS" table, because OR 1=1 is always TRUE.

SELECT * FROM USERS WHERE UserID = 100 OR 1=1;

If the "USERS" table contains names and passwords, the same condition applies to a statement like this:

SELECT UserId, Name, Password FROM USERS WHERE UserID = 100 OR 1=1;

A hacker might get access to all the user names and passwords in a database simply by inserting 100 OR 1=1 into the input field.
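The following is an added example, not code from the original page. It runs the page's UserId lookup against an in-memory SQLite database, first with the input concatenated into the SQL text and then bound as a parameter. The table rows, function names, and the choice of Python's sqlite3 module are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory USERS table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE USERS (UserId INTEGER PRIMARY KEY, Name TEXT, Password TEXT)"
    )
    conn.executemany(
        "INSERT INTO USERS VALUES (?, ?, ?)",
        [(100, "alice", "pw-a"), (101, "bob", "pw-b"), (102, "carol", "pw-c")],
    )
    return conn

def lookup_concatenated(conn, user_input):
    """Vulnerable form: the input becomes part of the SQL text and is parsed as SQL."""
    sql = "SELECT UserId, Name, Password FROM USERS WHERE UserId = " + user_input
    return conn.execute(sql).fetchall()

def lookup_parameterized(conn, user_input):
    """Hardened form: check that the input is an integer, then bind it as a value."""
    try:
        user_id = int(user_input)
    except ValueError:
        return []  # not a user ID; reject without querying the database
    sql = "SELECT UserId, Name, Password FROM USERS WHERE UserId = ?"
    return conn.execute(sql, (user_id,)).fetchall()

if __name__ == "__main__":
    conn = make_db()
    # Compare a normal ID with the input string discussed above.
    for value in ("100", "100 OR 1=1"):
        print(
            repr(value),
            "concatenated:", len(lookup_concatenated(conn, value)), "rows;",
            "parameterized:", len(lookup_parameterized(conn, value)), "rows",
        )
```

With the bound parameter the database never parses the input as SQL, so the OR 1=1 condition cannot become part of the WHERE clause.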

SQL Injection Statement

  • SQL Injection is one of the most common web hacking techniques.
  • SQL injection allows attackers to control an application’s database.
  • SQL injection is the placement of malicious code in SQL statements, via web page input.

The Different Types of SQL Injection

  1. Error-Based SQL Injection
  2. Boolean-Based SQL Injection
  3. Time-Based SQL Injection

© 2023 GDATAMART.COM (All Rights Reserved)