What is SQL injection

+1 vote
Does SQL injection related to or helps to hack any vulnerable website?
Jan 22, 2020 in Web Development by kartik
• 37,520 points
1,376 views

1 answer to this question.

+1 vote

hey @Fighnithi,

  • Yes,SQL injection is one of the most common web hacking techniques. It is a code injection technique that might destroy your database.
  • SQL injection is injecting of malicious code in SQL statements, via web page input.

It can basically occur through two ways:

  1. SQL Injection based on 1=1 is always true.

                                Example:    if some website such as edureka asked for user id then user can enter some "smart" input like this: 

                                                     UserId :205 OR 1=1

                                                   Then, the SQL statement will look like this: 

                                                             SELECT * FROM Users WHERE UserId = 105 OR 1=1;                            

                                                   ​The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE

       2.SQL Injection Based on "=" is Always True.

                              Example:  user login on a web site:

                                                Username: Niraj

                                                Password: Dey

                                      Then, Statement

                                               uname = getRequestString("Username");
                                               upass = getRequestString("Password");

                                               sql = 'SELECT * FROM Users WHERE Name ="' + uname + '" AND Pass ="' + upass + '"'

                                      Result:

                                            SELECT * FROM Users WHERE Name ="Niraj" AND Pass ="Dey"

                                            A hacker might get access to user names and passwords in a database by simply inserting " OR ""=" into the user name or password text box:

                                            User Name:" or ""="

                                            Password: " or ""="

                                           The code at the server will create a valid SQL statement like this:

                                          Result:SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

                                          The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.

answered Jan 22, 2020 by Niroj
• 82,840 points

Related Questions In Web Development

0 votes
0 answers

What are Best Practices for preventing SQL injection in node-mysql?

What are Best Practices for preventing SQL ...READ MORE

Oct 14 in Web Development by anonymous
• 3,820 points
68 views
0 votes
0 answers

What are Best Practices for preventing SQL injection in node-mysql?

What are Best Practices for preventing SQL ...READ MORE

Oct 21 in Web Development by Nidhi
• 3,820 points
179 views
0 votes
1 answer

What is the difference between span and div?

The div should be used to wrap sections of ...READ MORE

answered Jan 16, 2020 in Web Development by Niraj

edited Jan 21, 2020 by Niroj 3,683 views
+1 vote
9 answers

What is the difference between web design and web development?

A designer designs the web pages and ...READ MORE

answered Jan 22, 2020 in Web Development by Niroj
• 82,840 points
2,195 views
0 votes
1 answer
0 votes
1 answer

How to pass props to {this.props.children}?

Hello @kartik,  Try using this: <div> ...READ MORE

answered Jul 22, 2020 in Angular by Niroj
• 82,840 points
3,520 views
0 votes
1 answer

How to specify a port to run a create-react-app based project?

Hello @kartik, You could use cross-env to set the port, ...READ MORE

answered Jul 22, 2020 in Angular by Niroj
• 82,840 points
5,920 views
0 votes
1 answer

How to unset or remove a collection element after fetching it?

Hello @kartik, You would want to use ->forget() $collection->forget($key); Hope it ...READ MORE

answered Sep 11, 2020 in Laravel by Niroj
• 82,840 points
9,676 views
+1 vote
1 answer

What is the relationship between angularjs Scope with controller/view?

Let us consider the below block: <div ng-controller="emp"> ...READ MORE

answered Jan 20, 2020 in Web Development by Niroj
• 82,840 points

edited Jan 21, 2020 by Niroj 1,186 views
+1 vote
1 answer

What is css box module?

Hey, All the element present in html follows ...READ MORE

answered Jan 20, 2020 in Web Development by Niroj
• 82,840 points

edited Jan 21, 2020 by Niroj 1,221 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP