What is SQL injection?

+1 vote
Does SQL injection related to or helps to hack any vulnerable website?
Jan 22 in Web Development by kartik
• 30,930 points
152 views

1 answer to this question.

+1 vote

hey @Fighnithi,

  • Yes,SQL injection is one of the most common web hacking techniques. It is a code injection technique that might destroy your database.
  • SQL injection is injecting of malicious code in SQL statements, via web page input.

It can basically occur through two ways:

  1. SQL Injection based on 1=1 is always true.

                                Example:    if some website such as edureka asked for user id then user can enter some "smart" input like this: 

                                                     UserId :205 OR 1=1

                                                   Then, the SQL statement will look like this: 

                                                             SELECT * FROM Users WHERE UserId = 105 OR 1=1;                            

                                                   ​The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE

       2.SQL Injection Based on "=" is Always True.

                              Example:  user login on a web site:

                                                Username: Niraj

                                                Password: Dey

                                      Then, Statement

                                               uname = getRequestString("Username");
                                               upass = getRequestString("Password");

                                               sql = 'SELECT * FROM Users WHERE Name ="' + uname + '" AND Pass ="' + upass + '"'

                                      Result:

                                            SELECT * FROM Users WHERE Name ="Niraj" AND Pass ="Dey"

                                            A hacker might get access to user names and passwords in a database by simply inserting " OR ""=" into the user name or password text box:

                                            User Name:" or ""="

                                            Password: " or ""="

                                           The code at the server will create a valid SQL statement like this:

                                          Result:SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

                                          The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.

answered Jan 22 by Niroj
• 67,020 points

Related Questions In Web Development

0 votes
1 answer

What is the difference between span and div?

The div should be used to wrap sections of ...READ MORE

answered Jan 16 in Web Development by Niraj

edited Jan 21 by Niroj 823 views
+1 vote
9 answers

What is the difference between web design and web development?

A designer designs the web pages and ...READ MORE

answered Jan 22 in Web Development by Niroj
• 67,020 points
205 views
0 votes
1 answer

What is data binding in AngularJS?

Data binding is synchronization of data between the ...READ MORE

answered Jan 23 in Web Development by Niroj
• 67,020 points
75 views
0 votes
1 answer

What is a Favicon, and Why is It Important?

A favicon is your website logo that ...READ MORE

answered Jan 30 in Web Development by Niroj
• 67,020 points
166 views
0 votes
1 answer

How to pass props to {this.props.children}?

Hello @kartik,  Try using this: <div> ...READ MORE

answered Jul 22 in Angular by Niroj
• 67,020 points
181 views
0 votes
1 answer

How to specify a port to run a create-react-app based project?

Hello @kartik, You could use cross-env to set the port, ...READ MORE

answered Jul 22 in Angular by Niroj
• 67,020 points
548 views
0 votes
1 answer

How to unset or remove a collection element after fetching it?

Hello @kartik, You would want to use ->forget() $collection->forget($key); Hope it ...READ MORE

answered Sep 11 in Laravel by Niroj
• 67,020 points
57 views
+1 vote
1 answer

What is the relationship between angularjs Scope with controller/view?

Let us consider the below block: <div ng-controller="emp"> ...READ MORE

answered Jan 20 in Web Development by Niroj
• 67,020 points

edited Jan 21 by Niroj 137 views
+1 vote
1 answer

What is css box module?

Hey, All the element present in html follows ...READ MORE

answered Jan 20 in Web Development by Niroj
• 67,020 points

edited Jan 21 by Niroj 133 views