Get Started: SQL Injection

In This Article, You Will Know About SQL Working With Dates.

Before moving ahead, let’s know a bit about the SQL Views.

Table of Contents

SQL Injection

SQL Injection is one of the most common ways to introduce hacking in the database that is used to destroy the database. It is a process of inserting a virus or malicious code into the SQL query through web page input.

SQL – Web Pages

SQL Injection is the process of asking for details from the user throughout a web page form such as username, password, etc. While submitting the information via a user, a web page also receives some SQL statement submitted unknowingly by a user.

Using a function getRequestString() to fetch details from the user. Following code add a string, fetched from the getRequestString() function to a SELECT statement.

				
					Name = getRequestString("Name");
SQL = "SELECT * FROM Users WHERE Name = " + Name;
				
			

SQL Injection Based on “”=”” is Always True

				
					Name = getRequestString("user_name");
Pass = getRequestString("user_password");
				
			
				
					details = 'SELECT * FROM Users WHERE Name ="' + Name + '" AND Pass ="' + Pass + '"'
				
			

A hacker could gain access to passwords and user names in a database simply by entering ” OR” “”=” in the user’s name or password text box:

Output:

				
					SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
				
			

The SQL above is valid and will return all rows from the “Users” table, since OR “”=”” is always TRUE.

SQL Injection Based on Batched SQL Statements 

Most databases support batched SQL statements.

The term “batch” refers to an SQL statement as a collection of 2 or more SQL statements segregated by semicolons.

The SQL query below should retrieve all rows in the “information” table, then remove all rows from the “details” table.

Example:

				
					SELECT * FROM information 
DROP TABLE details;
				
			

Look at another example:

Example:

				
					var1 = getRequestString("UserId");
var2 = "SELECT * FROM Users WHERE UserId = " + var1;
				
			

If you find anything incorrect in the above-discussed topic and have further questions, please comment below.

Connect on:

Leave a Comment