1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

What is sql Injection is?

Discussion in 'Ethical hacking' started by ocena, Aug 7, 2006.

  1. ocena

    ocena New Member

    Joined:
    Aug 6, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    0
    What is sql injection? and qht does it do? and how it work?
     
  2. shabbir

    shabbir Administrator Staff Member

    Joined:
    Jul 12, 2004
    Messages:
    15,285
    Likes Received:
    364
    Trophy Points:
    83
    SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

    This results in the potential manipulation of the statements performed on the database by the end user of the application.

    Say you have an SQL for retrieving user information as below
    Code:
    SELECT * FROM users WHERE name = '" + userName + "';"
    Now instead of userName being a valid one it comes up as something like
    a';DROP TABLE users;
    then the SQL becomes
    Code:
    SELECT * FROM users WHERE name = 'a';DROP TABLE users;
    This will delete the users table on the MySQL database.
     
    kinglove likes this.
  3. ocena

    ocena New Member

    Joined:
    Aug 6, 2006
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    0
    okey thanks for the infoe
     

Share This Page