What is sql Injection is?

ocena's Avatar, Join Date: Aug 2006
Light Poster
What is sql injection? and qht does it do? and how it work?
0
shabbir's Avatar, Join Date: Jul 2004
Go4Expert Founder
SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

This results in the potential manipulation of the statements performed on the database by the end user of the application.

Say you have an SQL for retrieving user information as below
Code: SQL
SELECT * FROM users WHERE name = '" + userName + "';"
Now instead of userName being a valid one it comes up as something like
a';DROP TABLE users;
then the SQL becomes
Code: SQL
SELECT * FROM users WHERE name = 'a';DROP TABLE users;
This will delete the users table on the MySQL database.
kinglove like this
0
ocena's Avatar, Join Date: Aug 2006
Light Poster
okey thanks for the infoe