118 SQL Injection
The page explains SQL Injection, a common web security vulnerability where malicious code is inserted into SQL statements through user inputs. Key points:
- Definition: SQL injection is a code injection technique that can destroy or compromise a database.
- How it happens: It occurs when an application incorporates user input directly into SQL queries without proper validation or sanitization.
- Examples:
  - A typical vulnerable query might look like: "SELECT * FROM Users WHERE UserId = " + userInput;. If a user enters 105 OR 1=1, the query will return all records because 1=1 is always true.
  - Hackers can use special input (e.g., "; DROP TABLE Suppliers; --) to manipulate queries and even delete tables.
- Consequences: Attackers may gain unauthorized access to all user data (e.g., usernames and passwords) or manipulate/destroy database content.
- Prevention: Use SQL parameterization, which separates data from the SQL code, to prevent injections. The page shows parameterized query examples for ASP.NET and PHP.
- Takeaway: Always protect database queries from user input by using parameters and never directly joining raw user input into SQL statements.[1]
This summary captures the essential concepts and examples covered on the page.