- Yes, SQL injection is one of the most common web hacking techniques. It is a code injection technique that might destroy your database.
- SQL injection is the injection of malicious code into SQL statements via web page input.
It can basically occur in two ways:
1. SQL injection based on "1=1 is always true".
Example: if some website such as edureka asked for user id then user can enter some "smart" input like this:
UserId: 105 OR 1=1
Then, the SQL statement will look like this:
SELECT * FROM Users WHERE UserId = 105 OR 1=1;
The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.
2. SQL injection based on ""="" is always true".
Example: user login on a web site:
uname = getRequestString("Username");
upass = getRequestString("Password");
sql = 'SELECT * FROM Users WHERE Name ="' + uname + '" AND Pass ="' + upass + '"'
Result: SELECT * FROM Users WHERE Name ="Niraj" AND Pass ="Dey"
A hacker might get access to user names and passwords in a database by simply inserting " OR ""=" into the user name or password text box:
User Name: " or ""="
Password: " or ""="
The code at the server will create a valid SQL statement like this:
Result: SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.
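As an added example (not part of the original answer), the following runs the answer's string-built login query against a constructed in-memory SQLite table and puts a parameterized version beside it. It uses single-quoted SQL string literals instead of the answer's double quotes, so the injected input becomes `' or ''='`; the table contents and user names are constructed sample data.

```python
import sqlite3

# Constructed sample data (not from the original answer).
SAMPLE_USERS = [(105, "Niraj", "Dey"), (106, "Alice", "s3cret")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory Users table with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Pass TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_unsafe(conn: sqlite3.Connection, uname: str, upass: str) -> list:
    """Mirror the answer's string concatenation: user input becomes SQL text,
    so quotes in the input change the structure of the statement."""
    sql = ("SELECT * FROM Users WHERE Name ='" + uname
           + "' AND Pass ='" + upass + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn: sqlite3.Connection, uname: str, upass: str) -> list:
    """Parameterized query: the driver binds the values separately from the
    SQL text, so the same input is compared as a literal string."""
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return conn.execute(sql, (uname, upass)).fetchall()


def demo() -> tuple:
    """Return row counts for (valid login, injected input against the unsafe
    query, injected input against the safe query, valid login via safe query)."""
    conn = make_db()
    injected = "' or ''='"  # the answer's payload, in single-quote form
    return (
        len(login_unsafe(conn, "Niraj", "Dey")),   # 1 matching row
        len(login_unsafe(conn, injected, injected)),  # every row: AND binds tighter than OR
        len(login_safe(conn, injected, injected)),    # 0 rows: treated as a literal
        len(login_safe(conn, "Niraj", "Dey")),        # 1 matching row
    )


if __name__ == "__main__":
    print(demo())
```

The unsafe statement becomes `... WHERE Name ='' or ''='' AND Pass ='' or ''=''`, which is true for every row; the parameterized query compares the literal text and matches nothing.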