401 Class 39: SQLi with Burp Suite, WebGoat - nataliabdallah/codefellows-ops-reading-notes GitHub Wiki


Reading: Understanding SQL Injection, Identification and Prevention

What is SQL injection?

First: SQL (Structured Query Language) is the language used to query databases. SQL injection is when you enter SQL into input fields such as search bars, or into the URL bar of the browser, to manipulate the website into returning database contents you would otherwise not have access to.

Can you give an example of how a hacker could use SQL injection to gain unauthorized access?

For example, say the end of the URL looks something like this: ?id=1. A bad actor rewrites it to something malicious like ?id=1; DROP TABLE users;. If the application pastes that value straight into its SQL, this would not only retrieve the data associated with id=1 but also execute the additional command to drop (delete) the users table, leading to unauthorized data manipulation or loss.

What are some ways to prevent SQL injection attacks on a web server?

You can start with the principle of least privilege, so that users (and the database account the application runs as) cannot reach accounts or data they do not need. 1. Prepared statements and parameterized queries: the SQL command is fixed ahead of time and user input is bound as a value, so even if an attacker changes the input, it won't change the intent of the query.
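The two lookups below, as an added example that is not part of the original notes, put the page's ?id=1; DROP TABLE users; payload through a string-concatenated query and through a parameterized one. The users table is constructed in an in-memory sqlite3 database; because Python's sqlite3 execute() refuses stacked statements, executescript() is assumed to stand in for a driver or server that accepts them.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample data: the users table the page's example targets.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])
    return conn


def users_table_exists(conn: sqlite3.Connection) -> bool:
    row = conn.execute(
        "SELECT count(*) FROM sqlite_master WHERE type='table' AND name='users'"
    ).fetchone()
    return row[0] == 1


def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    # String concatenation: the raw ?id= value becomes part of the SQL text,
    # so "1; DROP TABLE users;" turns into a second statement.
    sql = "SELECT id, name FROM users WHERE id = " + user_id
    try:
        return conn.execute(sql).fetchall()
    except (sqlite3.ProgrammingError, sqlite3.Warning):
        # Assumption: a backend that allows stacked statements runs both,
        # which executescript() emulates here. No rows come back from it.
        conn.executescript(sql)
        return []


def lookup_safe(conn: sqlite3.Connection, user_id: str) -> list:
    # Parameterized query: the SQL text is fixed and the input is bound as a
    # value, so the input can never change the intent of the statement.
    return conn.execute(
        "SELECT id, name FROM users WHERE id = ?", (user_id,)
    ).fetchall()


def demo(payload: str) -> dict:
    # Runs the same input through both lookups on fresh databases and reports
    # (rows returned, whether the users table survived) for each.
    results = {}
    for name, lookup in (("vulnerable", lookup_vulnerable), ("safe", lookup_safe)):
        conn = make_db()
        rows = lookup(conn, payload)
        results[name] = (rows, users_table_exists(conn))
    return results
```

With the honest value "1" both lookups return alice's row; with the page's payload the concatenated version loses the users table while the parameterized version simply finds no matching id.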