1. We have moved from vBulletin to XenForo and you are viewing the site in the middle of the move. Though the functional aspect of everything is working fine, we are still working on other changes including the new design on Xenforo.
    Dismiss Notice

What is sql Injection is?

Discussion in 'Ethical hacking' started by ocena, Aug 7, 2006.

  1. ocena

    ocena New Member

    What is sql injection? and qht does it do? and how it work?
     
  2. shabbir

    shabbir Administrator Staff Member

    SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.

    This results in the potential manipulation of the statements performed on the database by the end user of the application.

    Say you have an SQL for retrieving user information as below
    Code:
    SELECT * FROM users WHERE name = '" + userName + "';"
    Now instead of userName being a valid one it comes up as something like
    a';DROP TABLE users;
    then the SQL becomes
    Code:
    SELECT * FROM users WHERE name = 'a';DROP TABLE users;
    This will delete the users table on the MySQL database.
     
    kinglove likes this.
  3. ocena

    ocena New Member

    okey thanks for the infoe
     

Share This Page