Hey Guys,
I've heard that SQL Injection is one of the most common tool that the hackers use to hack a web application. Can anyone please give me a brief overview of what SQL Injection is or any webpages that I can refer to.
Thanks
anuj_sharma
-3
Junior Poster
Recommended Answers
Jump to PostSQL injection is an attack on the database. Basically, injectors take an educated guess about your query design and try to manipulate it. Let's take a look at the following login:
$query = "SELECT * FROM customers WHERE username = '$name' and password = '$password'";$name and …
Jump to PostThis is done through URL as intruder firstly examine URL string that is send to server and if he sees any possibility of vulnerability he will try to modify this string and submit
All 6 Replies
buddylee17
216
Practically a Master Poster
SQL injection is an attack on the database. Basically, injectors take an educated guess about your query design and try to manipulate it. Let's take a look at the following login:
$query = "SELECT * FROM customers WHERE username = '$name' and password = '$password'";$name and $password come from a form using input type='text'. Thus, anything can be typed into these fields. So, the injector types in ' OR 1' for each field. Let's substitute the variables and actually take a look at what gets sent to MySQL:
$query = "SELECT * FROM customers WHERE username = '' OR 1'' and password = '' OR 1''";Adding ' OR 1' to the variable will a.) keep the query from failing due to parse errors and b.)make the query default to true, giving the user access to anything in the db that he/she is capable of getting to.
anuj_sharma
-3
Junior Poster
Does the injector type in the URL or hacks into the coding????
Please give some resources on the net.
Thanx
peter_budo
2,532
Code tags enforcer
Team Colleague
Featured Poster
This is done through URL as intruder firstly examine URL string that is send to server and if he sees any possibility of vulnerability he will try to modify this string and submit
anuj_sharma
-3
Junior Poster
Is there any method by which SQL Injection can be stopped or any software available???
peter_budo
2,532
Code tags enforcer
Team Colleague
Featured Poster
Depends on the technology used. I think that Java and its PrepareStatements is something that you can not beat, with PHP you need to do lot of checking and set up many rules to prevent injections. I expect that Microsoft web pages build with C# or VB are reasonably secure dunno about plain ASP, I never worked with it.
Shanti C
106
Posting Virtuoso
with PHP you need to do lot of checking and set up many rules to prevent injections.
Need more information on this.....
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.