SQL Injection is one of the most common attacks against databases and can be used to read, alter or destroy their contents. It works by inserting malicious SQL into a query through web page input.
SQL – Web Pages
Web pages ask the user for details through forms, such as a username and password. If the submitted values are copied straight into an SQL statement, the web page also receives, and executes, any SQL the user typed into those fields.
Suppose a function getRequestString() fetches a value from the user's request. The following code appends the string fetched by getRequestString() directly to a SELECT statement:
Name = getRequestString("Name");
SQL = "SELECT * FROM Users WHERE Name = " + Name;
SQL Injection Based on ""="" is Always True
Name = getRequestString("user_name");
Pass = getRequestString("user_password");
details = 'SELECT * FROM Users WHERE Name ="' + Name + '" AND Pass ="' + Pass + '"';
A hacker could gain access to the user names and passwords in the database simply by entering " OR ""=" in the username or password text box, which produces this statement:
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
The SQL above is valid and will return all rows from the "Users" table, since OR ""="" is always TRUE.
SQL Injection Based on Batched SQL Statements
Most databases support batched SQL statements.
The term "batch" refers to a collection of two or more SQL statements separated by semicolons and sent to the database together.
The SQL batch below first retrieves all rows from the "information" table, then drops the "details" table entirely:
SELECT * FROM information; DROP TABLE details;
Look at another example, where a numeric ID is concatenated into the query without any quoting:
var1 = getRequestString("UserId");
var2 = "SELECT * FROM Users WHERE UserId = " + var1;
Because var1 is inserted verbatim, anything the user appends to the ID (including a semicolon and a second statement) becomes part of the SQL that is executed.
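The defence against both forms of injection shown above (the ""="" trick and batched statements) is the same: never build the statement by string concatenation; pass user input as a bound parameter and validate its type. The following is an added example written for this page, not code from the original tutorial. It uses Python's standard sqlite3 module with a constructed in-memory Users table, and it uses single-quoted SQL string literals (standard SQL) in place of the double quotes used in the text. The login_concatenated() function reproduces the vulnerable pattern from the page; login_parameterized() and user_by_id() are the hardened versions.

```python
import sqlite3


def make_db():
    """Constructed sample database (not from the original page)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER, Name TEXT, Pass TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?, ?)",
        [(1, "alice", "s3cret"), (2, "bob", "hunter2")],
    )
    return conn


def login_concatenated(conn, name, password):
    """VULNERABLE: mirrors the page's string-building login query.

    Input such as  ' OR ''='  in either field turns the WHERE clause
    into an always-true condition and returns every row.
    """
    sql = ("SELECT * FROM Users WHERE Name = '" + name
           + "' AND Pass = '" + password + "'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, name, password):
    """HARDENED: the driver binds the values; they can never become SQL."""
    sql = "SELECT * FROM Users WHERE Name = ? AND Pass = ?"
    return conn.execute(sql, (name, password)).fetchall()


def user_by_id(conn, user_id_text):
    """HARDENED version of the page's UserId example.

    The request value is converted to an integer first, so a value that
    carries extra SQL (a semicolon, a second statement) is rejected with
    ValueError before any query is built, and the query itself is bound.
    """
    user_id = int(user_id_text)  # raises ValueError for anything non-numeric
    return conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR ''='"   # the page's always-true trick, single-quote form
    print("concatenated:", login_concatenated(db, payload, payload))   # both rows
    print("parameterized:", login_parameterized(db, payload, payload)) # []
    print("by id:", user_by_id(db, "2"))
```

The parameterized form also closes the batched-statement hole: a bound value is sent as data, so a semicolon inside it never terminates the statement, and sqlite3's execute() additionally refuses to run more than one statement per call. Type validation (int()) is a second, independent layer, which is what a defender wants for any field that should only ever be a number.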
If you find anything incorrect in the above-discussed topic and have further questions, please comment below.