What is SQL injection? Please give me a real time example.
- http://xkcd.com/327/ You could alternatively do some googling and find the hundreds and hundreds of pages discussing this issue. – thatidiotguy Dec 06 '13 at 17:10
- Google, what is this thing ? ^_^ – Laurent S. Dec 06 '13 at 17:12
- good luck stack overflow! – huMpty duMpty Dec 06 '13 at 17:13
- On the other hand, good thing you ask BEFORE discovering sql injections the hard way... – Laurent S. Dec 06 '13 at 17:14
- Betcha it's for a class assignment. – Phil Perry Dec 06 '13 at 17:21
- possible duplicate of [What is SQL injection?](http://stackoverflow.com/questions/601300/what-is-sql-injection) and damn near a dozen other questions. – LittleBobbyTables - Au Revoir Dec 06 '13 at 17:26
- Just because it's been answered before doesn't mean that answer makes sense to everyone. Everyone has a different style of explaining things, sometimes it makes sense to someone, sometimes it doesn't. We need to respect that and not jump on people for asking the same question someone else did. It's counterproductive and helps no one. – Zarathuztra Dec 07 '13 at 21:41
2 Answers
The wiki says that:
SQL injection is a code injection technique, used to attack data driven applications, in which malicious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker). SQL injection must exploit a security vulnerability in an application's software, for example, when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and unexpectedly executed. SQL injection is mostly known as an attack vector for websites but can be used to attack any type of SQL database.

User input that deliberately contains SQL code to do harmful things, and isn't disabled or sanitized by the code. E.g.,

```
$who = $_GET['customer_id'];
...
DELETE from records WHERE customer_id = '$who'
```

could be injected with something similar to `customer_id=1234' and 1=1 and ''='`, resulting in

```
DELETE from records WHERE customer_id = '1234' and 1=1 and ''=''
```

resulting in all records in the table being deleted. It could be sanitized by escaping all `'` in the user input.

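An added example, not part of either answer: the second answer's DELETE statement and input run three ways against an in-memory SQLite database, using Python's `sqlite3` as a stand-in for the PHP in the answer. The table rows and function names are constructed for illustration. Spliced into the SQL text, the input is parsed as extra predicates and rows are deleted even though no `customer_id` equals the submitted string; escaped or bound as a parameter, it is one literal value and nothing matches.

```python
import sqlite3

# Input quoted in the answer above (the value of customer_id in the request).
PAYLOAD = "1234' and 1=1 and ''='"

def fresh_db():
    """In-memory table with constructed sample rows (not from the page)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE records (customer_id TEXT, note TEXT)")
    db.executemany("INSERT INTO records VALUES (?, ?)",
                   [("1234", "a"), ("1234", "b"), ("5678", "c")])
    return db

def delete_concatenated(db, who):
    """Vulnerable 'before': input is spliced into the SQL text, as in the answer."""
    sql = "DELETE from records WHERE customer_id = '" + who + "'"
    return sql, db.execute(sql).rowcount

def delete_escaped(db, who):
    """The answer's suggestion: escape every ' (SQL doubles it) before splicing."""
    sql = "DELETE from records WHERE customer_id = '" + who.replace("'", "''") + "'"
    return sql, db.execute(sql).rowcount

def delete_parameterized(db, who):
    """Bound parameter: the value is passed separately from the SQL text."""
    sql = "DELETE from records WHERE customer_id = ?"
    return sql, db.execute(sql, (who,)).rowcount

def run_all(who=PAYLOAD):
    """Run each variant on its own fresh table; return (sql, deleted, remaining)."""
    results = {}
    for fn in (delete_concatenated, delete_escaped, delete_parameterized):
        db = fresh_db()
        sql, deleted = fn(db, who)
        remaining = db.execute("SELECT COUNT(*) FROM records").fetchone()[0]
        results[fn.__name__] = (sql, deleted, remaining)
    return results

if __name__ == "__main__":
    for name, (sql, deleted, remaining) in run_all().items():
        print(f"{name:22} deleted={deleted} remaining={remaining}  {sql}")
```

Binding parameters is generally preferred over hand-written escaping, because quoting rules differ between databases and connection settings while a bound value never reaches the SQL parser as text.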