SQL injection takes advantage of Web apps that fail to validate user input. Hackers can maliciously pass SQL commands through the Web app for execution by a backend database. SQL injection can gain unauthorized access to a database or to retrieve information directly from the database. Many data breaches are due to SQL injection. How It Works After entering username and password, behind the GUI the SQL queries work as follows: " (*) Username= = SELECT Count FROM Users WHERE ' " + txt.User.Text+" ' AND Password ' "+ txt.Password.Text+" ' "; Now suppose User enters the Username: admin and Password: passwd123, so after clicking on the Log in button, SQL query will run as follows: " (*) Username= = SELECT Count FROM Users WHERE ' admin ' AND Password ' passwd123 ' "; If the credentials are correct, then the user is allowed to log in, so it's a very simple (and therefore insecure) mechanism. Hackers use this insecurity to gain unauthorized access. Hackers use a simple string called a Magical String, for example: Username: admin Password: anything 'or'1'='1 After clicking on the login button, the SQL query will work as follows: " (*) Username= = = SELECT Count FROM Users WHERE ' admin ' AND Password ' anything ' or '1' '1 ' "; Just take a closer look at the above query's password section. Password=' anything 'or'1'='1 ' The password is not 'anything', hence password=anything results in FALSE, but '1'='1' is a TRUE statement and hence returns a TRUE value. Finally, due to the OR operator, the value ( FALSE OR TRUE ) is TRUE, so authentication bypasses successfully. Just due to a simple string (Magical String) the entire database is compromised. How To Prevent Before executing the queries for the user credentials, make some changes like the following: $id = $_GET['id'] 

(1) $id = Stripslashes($id)

(2) $id = mysql_real_escape_String($id) So due to (1) each single quote (') in the input string is replaced with double quotes ("), and due to (2) before every (') it adds (/). The revised magical string fails to bypass the authentication, and your database stays secure. Learn more General knowledge on Wikipedia SQL injection on OWASP (Open Web Application Security Project) Explanation of SQL injection View Previous Terms: Block cipher mode of operation Certificate authority Challenge-response authentication Cipher Cipher suite Ciphertext CORS CORS-safelisted request header CORS-safelisted response header Cross-site scripting Cryptanalysis Cryptographic hash function Cryptography CSP CSRF Decryption Digital certificate DTLS (Datagram Transport Layer Security) Encryption Forbidden header name Forbidden response header name Hash HMAC HPKP HSTS HTTPS Key MitM OWASP Preflight request Public-key cryptography Reporting directive Robots.txt Same-origin policy Session Hijacking Symmetric-key cryptography TOFU Transport Layer Security (TLS) Credits Source: https://developer.mozilla.org/en-US/docs/Glossary/SQL_injection Published under license Open CC Attribution ShareAlike 3.0

Mozilla

Glossary of Security Terms: SQL Injection

About Author

Comments

TOPICS

THIS ARTICLE WAS FEATURED IN

Related Stories

A Quick Introduction to the Resize Observer API

10 VSCode Extensions To Make Your Life Easier

10 Ways Stand Out as a Java Developer and Land that Dream Job

10 Tips For Junior Developers To Succeed in Code

10 Things Every Beginner Should Know When Learning Javascript And React

10 Reasons Why Front End Development Is a Great Career Choice

A Quick Introduction to the Resize Observer API

10 VSCode Extensions To Make Your Life Easier

10 Ways Stand Out as a Java Developer and Land that Dream Job

10 Tips For Junior Developers To Succeed in Code

10 Things Every Beginner Should Know When Learning Javascript And React

10 Reasons Why Front End Development Is a Great Career Choice

Light-Mode

Classic

Newspaper

Minty

Dark-Mode

Neon Noir

Minty

HN StartUps