What is SQL injection

+1 vote
Does SQL injection related to or helps to hack any vulnerable website?
Jan 22, 2020 in Web Development by kartik
• 37,520 points
1,272 views

1 answer to this question.

+1 vote

hey @Fighnithi,

  • Yes,SQL injection is one of the most common web hacking techniques. It is a code injection technique that might destroy your database.
  • SQL injection is injecting of malicious code in SQL statements, via web page input.

It can basically occur through two ways:

  1. SQL Injection based on 1=1 is always true.

                                Example:    if some website such as edureka asked for user id then user can enter some "smart" input like this: 

                                                     UserId :205 OR 1=1

                                                   Then, the SQL statement will look like this: 

                                                             SELECT * FROM Users WHERE UserId = 105 OR 1=1;                            

                                                   ​The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE

       2.SQL Injection Based on "=" is Always True.

                              Example:  user login on a web site:

                                                Username: Niraj

                                                Password: Dey

                                      Then, Statement

                                               uname = getRequestString("Username");
                                               upass = getRequestString("Password");

                                               sql = 'SELECT * FROM Users WHERE Name ="' + uname + '" AND Pass ="' + upass + '"'

                                      Result:

                                            SELECT * FROM Users WHERE Name ="Niraj" AND Pass ="Dey"

                                            A hacker might get access to user names and passwords in a database by simply inserting " OR ""=" into the user name or password text box:

                                            User Name:" or ""="

                                            Password: " or ""="

                                           The code at the server will create a valid SQL statement like this:

                                          Result:SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

                                          The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.

answered Jan 22, 2020 by Niroj
• 82,880 points

Related Questions In Web Development

0 votes
1 answer

What is the difference between span and div?

The div should be used to wrap sections of ...READ MORE

answered Jan 16, 2020 in Web Development by Niraj

edited Jan 21, 2020 by Niroj 3,527 views
+1 vote
9 answers

What is the difference between web design and web development?

A designer designs the web pages and ...READ MORE

answered Jan 22, 2020 in Web Development by Niroj
• 82,880 points
2,039 views
0 votes
1 answer

What is data binding in AngularJS?

Data binding is synchronization of data between the ...READ MORE

answered Jan 23, 2020 in Web Development by Niroj
• 82,880 points
1,041 views
0 votes
1 answer

What is a Favicon, and Why is It Important?

A favicon is your website logo that ...READ MORE

answered Jan 30, 2020 in Web Development by Niroj
• 82,880 points
1,082 views
0 votes
1 answer
0 votes
1 answer

How to pass props to {this.props.children}?

Hello @kartik,  Try using this: <div> ...READ MORE

answered Jul 22, 2020 in Angular by Niroj
• 82,880 points
3,456 views
0 votes
1 answer

How to specify a port to run a create-react-app based project?

Hello @kartik, You could use cross-env to set the port, ...READ MORE

answered Jul 22, 2020 in Angular by Niroj
• 82,880 points
5,750 views
0 votes
1 answer

How to unset or remove a collection element after fetching it?

Hello @kartik, You would want to use ->forget() $collection->forget($key); Hope it ...READ MORE

answered Sep 11, 2020 in Laravel by Niroj
• 82,880 points
9,556 views
+1 vote
1 answer

What is the relationship between angularjs Scope with controller/view?

Let us consider the below block: <div ng-controller="emp"> ...READ MORE

answered Jan 20, 2020 in Web Development by Niroj
• 82,880 points

edited Jan 21, 2020 by Niroj 1,047 views
+1 vote
1 answer

What is css box module?

Hey, All the element present in html follows ...READ MORE

answered Jan 20, 2020 in Web Development by Niroj
• 82,880 points

edited Jan 21, 2020 by Niroj 1,161 views
webinar REGISTER FOR FREE WEBINAR X
REGISTER NOW
webinar_success Thank you for registering Join Edureka Meetup community for 100+ Free Webinars each month JOIN MEETUP GROUP