
Programming Forums


Community for Java, PHP, Perl C, ASP and Python programmers
Wednesday 18 September 2019 17:58


What is SQL Injection



 
Author Message
gilbertsavier
New Programmer


Joined: 02 Jul 2009
Posts: 21
Hi,
SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.
SQL Injection Example

Below is a sample string that has been gathered from a normal user and a bad user trying to use SQL Injection. We asked the users for their login, which will be used to run a SELECT statement to get their information.
MySQL & PHP Code:

// a good user's name
$name = "timmy";
$query = "SELECT * FROM customers WHERE username = '$name'";
echo "Normal: " . $query . "<br>";

// user input that uses SQL Injection
$name_bad = "' OR 1'";

// our MySQL query builder, however, not a very safe one
$query_bad = "SELECT * FROM customers WHERE username = '$name_bad'";

// display what the new query will look like, with injection
echo "Injection: " . $query_bad;
_________________
Thanks & regards
Lokananth

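The difference between the string-built query in the post above and a parameterized query, as an added example that is not part of the original post. It assumes PHP's PDO extension with an in-memory SQLite database standing in for MySQL; the table rows, the function names find_unsafe and find_safe, and the second input are constructed for illustration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (assumption;
// the post uses MySQL, where only the PDO DSN and credentials would differ).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE customers (username TEXT, email TEXT)");
$db->exec("INSERT INTO customers VALUES
           ('timmy', 'timmy@example.com'),
           ('alice', 'alice@example.com')");

// Unsafe: the input is pasted into the SQL text, as in the post's query builder,
// so a quote character in the input changes the structure of the statement.
function find_unsafe(PDO $db, string $name): array
{
    $query = "SELECT * FROM customers WHERE username = '$name'";
    return $db->query($query)->fetchAll(PDO::FETCH_ASSOC);
}

// Safe: the SQL text is fixed at prepare time; the input is bound as a value
// and is only ever compared against the username column.
function find_safe(PDO $db, string $name): array
{
    $stmt = $db->prepare("SELECT * FROM customers WHERE username = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$inputs = [
    'timmy',        // a normal login
    "' OR '1'='1",  // constructed input: closes the quote and adds a condition
];

// Compare how many rows each approach returns for each input.
foreach ($inputs as $name) {
    printf("input %-20s unsafe rows: %d  safe rows: %d\n",
        var_export($name, true),
        count(find_unsafe($db, $name)),
        count(find_safe($db, $name)));
}
```

For the normal login both functions return the single matching row; for the second input the string-built query returns every customer, while the prepared statement returns none because no username equals that literal text.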
 
debrah.h48
New Programmer


Joined: 24 Aug 2010
Posts: 21
SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organisations. It is perhaps one of the most common application layer attack techniques used today.

Web applications allow legitimate website visitors to submit and retrieve data to/from a database over the Internet using their preferred web browser.

Databases are central to modern websites: they store data needed for websites to deliver specific content to visitors and render information to customers, suppliers, employees and a host of stakeholders. User credentials, financial and payment information, and company statistics may all be resident within a database and accessed by legitimate users through off-the-shelf and custom web applications. Web applications and databases allow you to regularly run your business.

 

© 2018 RedHo