+ 2

What is sql injection?

how to protect your website form sql injection?

sql database hacking ethicalhacking sqlinjection

6th Apr 2018, 12:48 PM

Programmer Gaurav

8 Answers

+ 5

https://www.w3schools.com/sql/sql_injection.asp Always check the data send by the user. Never trust him.

6th Apr 2018, 1:03 PM

Geo

+ 2

Here's an example how do you avoid it. https://www.sololearn.com/Discuss/1195628/about-php-database-connection

6th Apr 2018, 3:05 PM

Toni Isotalo

+ 1

There is a lot of SQL injection methods. In very general answer it is attack on website trying apply our code to website code.

6th Apr 2018, 12:57 PM

Bartosz Pieszko

+ 1

ok means good coding = no sql injection

6th Apr 2018, 1:07 PM

Programmer Gaurav

+ 1

Hmm.. If you have text box on your website for password input and your code looks like this(prototype of code below): SELECT user FROM users WHERE password = '$input' Then someone can enter to text box something like this: anything' OR 'x'='x Then your answer to database looks like this: SELECT user FROM users WHERE password='anything' OR 'x'='x' Which is always correct and gives us user.

6th Apr 2018, 1:07 PM

Bartosz Pieszko

+ 1

wow cool then we can enter OR 'x'='x' instead of password any more strings you know

6th Apr 2018, 1:12 PM

Programmer Gaurav

any example

6th Apr 2018, 12:58 PM

Programmer Gaurav

We can enter: ' OR 'x' = 'x Every character matters.

6th Apr 2018, 1:23 PM

Bartosz Pieszko