+7

Anyone can explain MySQL injection ??

What is this exactly MySQL injection and the how can it is used on web browser ??

12/16/2018 6:05:31 AM

Raj Shekhar

26 Answers

New Answer

+2

In general is it possible ?? Or possible when some bugs found from the code.

+22

SQL injection refers to the act of someone inserting a MySQL statement to be run on your database without your knowledge. Injection usually occurs when you ask a user for input, like their name, and instead of a name they give you a MySQL statement that you will unknowingly run on your database.

+10

Welcome Abdesslam Dai bro 👍

+8

There is no such thing as 'MySQL Injection,' the common term is 'SQL Injection'. You are saying it as if the threat targets MySQL specifically. You must understand that SQL and MySQL are two different things.

+3

In general, you mean is it generally still a problem out there in the real world? Its becoming less a problem every year, but there will always be fools in charge of websites.

+3

Satnam Singh thank you for this information

+3

SQL Injection SQL infusion is a code infusion strategy that may devastate your database. SQL infusion is a standout amongst the most widely recognized web hacking methods. SQL infusion is the position of vindictive code in SQL articulations, through site page input. SQL in Web Pages SQL infusion more often than not happens when you approach a client for info, similar to their username/userid, and rather than a name/id, the client gives you a SQL proclamation that you will unwittingly keep running on your database. Take a gander at the accompanying precedent which makes a SELECT explanation by including a variable (txtUserId) to a select string. The variable is gotten from client input (getRequestString): example: txtUserId = getRequestString("UserId"); txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

+2

IF you make sure to parameterize your input data and strip all special characters before storing, you will be fine.

+2

Alfie Mervyn you're talkin too much

+2

Alfie Mervyn do I have to tell mommy shark you're being naughty here? LOL

+1

yes of course it is possible if you didn't check for the type of the input php has special functions that prerpare an sql query to be executed then you bind the parameters to the query .. check for PHP prepared statements

+1

computerphile has a great video about it on youtube

+1

Sql injection is a malicious attempt to steal private data from a website

+1

Alfie you're smart

+1

Alfie Mervyn you're still talking?

+1

0

Obviously you have to put the speech marks inside the Quantum power level experimental thruster, this will = a+b+dinosaur which then also equal to = trigonometry of a circle which equals πxrxr = radius, see its simple.

0

Очень круто

0

i finished something mate, gotcha bet you cant

0

sorry one of my 91 daughters sat on the mouse and posted the comment before i could finish it