SQL Injection

SQL injection is a code injection technique that can destroy databases. It occurs when malicious code is inserted into an SQL statement via a web page input. For example, a user could enter "105 OR 1=1" as their user ID, which would return all rows from the Users table because "OR 1=1" is always true. This exposes the names and passwords of all users in the database to hackers with just a simple input. Proper validation of user input is needed to prevent SQL injection attacks.

Uploaded by

Sanket Sahu
Copyright
© All Rights Reserved

SQL Injection

SQL injection is a code injection technique that might destroy your database.

SQL injection is one of the most common web hacking techniques.

SQL injection is the placement of malicious code in SQL statements, via web
page input.

SQL in Web Pages


SQL injection usually occurs when you ask a user for input, like their
username/userid, and instead of a name/id, the user gives you an SQL
statement that you will unknowingly run on your database.

Look at the following example which creates a SELECT statement by adding a
variable (txtUserId) to a select string. The variable is fetched from user input
(getRequestString):

Example
txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

The rest of this chapter describes the potential dangers of using user input in
SQL statements.

SQL Injection Based on 1=1 is Always True


Look at the example above again. The original purpose of the code was to
create an SQL statement to select a user, with a given user id.

If there is nothing to prevent a user from entering "wrong" input, the user can
enter some "smart" input like this:

UserId: 105 OR 1=1
Then, the SQL statement will look like this:

SELECT * FROM Users WHERE UserId = 105 OR 1=1;

The SQL above is valid and will return ALL rows from the "Users" table,
since OR 1=1 is always TRUE.

Does the example above look dangerous? What if the "Users" table contains
names and passwords?

The SQL statement above is much the same as this:

SELECT UserId, Name, Password FROM Users WHERE UserId = 105 or 1=1;

A hacker might get access to all the user names and passwords in a database,
by simply inserting 105 OR 1=1 into the input field.
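
The concatenated statement above, placed beside a bound-parameter version and a validated version, as an added example that is not part of the original document. It assumes Python's built-in sqlite3 module; the table rows and the function names are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory Users table holding constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Password TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(105, "alice", "pw-a"), (106, "bob", "pw-b"), (107, "carol", "pw-c")],
    )
    return db


def lookup_concatenated(db, txt_user_id):
    """The document's pattern: the input becomes part of the SQL text."""
    txt_sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return db.execute(txt_sql).fetchall()


def lookup_parameterized(db, txt_user_id):
    """The input is bound as a value, so the statement text never changes."""
    sql = "SELECT * FROM Users WHERE UserId = ?"
    return db.execute(sql, (txt_user_id,)).fetchall()


def lookup_validated(db, txt_user_id):
    """Reject anything that is not a plain number, then bind it as an integer."""
    if not (txt_user_id.isascii() and txt_user_id.isdigit()):
        raise ValueError("UserId must be numeric")
    return lookup_parameterized(db, int(txt_user_id))


if __name__ == "__main__":
    db = make_db()
    for value in ("105", "105 OR 1=1"):
        print(repr(value))
        print("  concatenated :", len(lookup_concatenated(db, value)), "row(s)")
        print("  parameterized:", len(lookup_parameterized(db, value)), "row(s)")
        try:
            print("  validated    :", len(lookup_validated(db, value)), "row(s)")
        except ValueError as err:
            print("  validated    : rejected,", err)
```

With the concatenated query the second input returns every row in the table; with the bound parameter the same input is compared as a single value and matches nothing.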
