What is SQL injection?

+1 vote
Is SQL injection related to, or does it help to, hack any vulnerable website?
Jan 22 in Web Development by kartik
• 10,990 points
91 views

1 answer to this question.

+1 vote

Hey @Fighnithi,

  • Yes, SQL injection is one of the most common web hacking techniques. It is a code injection technique that might destroy your database.
  • SQL injection is the injection of malicious code into SQL statements via web page input.

It can basically occur in two ways:

  1. SQL injection based on 1=1 is always true.

     Example: if some website such as edureka asks for a user id, then the user can enter some "smart" input like this:

         UserId: 205 OR 1=1

     Then the SQL statement will look like this:

         SELECT * FROM Users WHERE UserId = 105 OR 1=1;

     The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.

  2. SQL injection based on "=" is always true.

     Example: user login on a web site:

         Username: Niraj
         Password: Dey

     Then the statement:

         uname = getRequestString("Username");
         upass = getRequestString("Password");

         sql = 'SELECT * FROM Users WHERE Name ="' + uname + '" AND Pass ="' + upass + '"'

     Result:

         SELECT * FROM Users WHERE Name ="Niraj" AND Pass ="Dey"

     A hacker might get access to user names and passwords in a database by simply inserting " OR ""=" into the user name or password text box:

         User Name: " or ""="
         Password: " or ""="

     The code at the server will create a valid SQL statement like this:

     Result:

         SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

     The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.

answered Jan 22 by Niroj
• 22,110 points
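
The two cases in the answer above, next to their parameterized form, as an added example that is not part of the original answer. It assumes Python's built-in sqlite3 module with an in-memory database; the function names, the second user row and the sample data are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample rows; table and column names follow the answer above.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Pass TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?, ?)",
                   [(105, "Niraj", "Dey"), (106, "Asha", "Rao")])
    return db

def by_id_concatenated(db, user_id):
    # Case 1 as built in the answer: the input is pasted into the SQL text,
    # so "OR 1=1" becomes part of the WHERE clause.
    return db.execute("SELECT * FROM Users WHERE UserId = " + user_id).fetchall()

def by_id_parameterized(db, user_id):
    # The ? placeholder binds the input as a value; it is never parsed as SQL.
    return db.execute("SELECT * FROM Users WHERE UserId = ?", (user_id,)).fetchall()

def login_concatenated(db, uname, upass):
    # Case 2 as built in the answer. Relies on SQLite's default behaviour of
    # accepting double-quoted text as a string literal.
    sql = 'SELECT * FROM Users WHERE Name ="' + uname + '" AND Pass ="' + upass + '"'
    return db.execute(sql).fetchall()

def login_parameterized(db, uname, upass):
    # Same query with bound values: quotes in the input stay ordinary characters.
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return db.execute(sql, (uname, upass)).fetchall()

if __name__ == "__main__":
    db = make_db()
    quoted = '" or ""="'  # the text-box input quoted in the answer above
    for label, rows in [
        ("id, concatenated", by_id_concatenated(db, "105 OR 1=1")),
        ("id, parameterized", by_id_parameterized(db, "105 OR 1=1")),
        ("login, concatenated", login_concatenated(db, quoted, quoted)),
        ("login, parameterized", login_parameterized(db, quoted, quoted)),
        ("login, parameterized, real user", login_parameterized(db, "Niraj", "Dey")),
    ]:
        print(f"{label}: {len(rows)} row(s)")
```

The concatenated versions return every row for the inputs from the answer, while the parameterized versions return no rows for the same inputs and still match the legitimate user.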
