SQL Injection

Logicmojo - Updated Aug 28, 2021



What is SQL Injection?

SQL injection, often known as SQLi, is a common attack vector in which malicious SQL code is used to manipulate backend databases and gain access to data that was never intended to be displayed. This data could include anything from sensitive company data to user lists to private customer information.
It is a type of code injection that has the potential to completely destroy your database. SQL injection is one of the most frequent web hacking techniques: malicious code is injected into SQL statements via web page input.


When do SQL injection mistakes occur?

SQL injection mistakes occur when both of the following are true:
🚀 Data enters a program from an unreliable source.
🚀 That data is then used to build a SQL query dynamically.

The following are the most significant consequences:
🚀 Confidentiality: Because SQL databases usually hold sensitive data, loss of confidentiality is the most common result when a SQL injection vulnerability is exploited.
🚀 Authentication: If weak SQL statements are used to check user names and passwords, it may be possible to connect to the system as another user without ever knowing that user's password.
🚀 Authorization: If authorization information is stored in the SQL database, successful exploitation of a SQL injection vulnerability may allow that information to be changed.
🚀 Integrity: Just as it is easy to read sensitive data, it is also feasible to alter or even erase it.



SQL in Webpages

SQL is frequently used to provide access to user data on the backend of commercial websites. To link a website to a database, you can use a web framework to display SQL data on a web page, run simple SQL queries yourself, or use a data visualisation tool to build charts and graphs from what is in the database.
SQL injection occurs when you ask a user for information, such as their username or user id, and instead of a name or id the user supplies a SQL statement that you inadvertently run against your database.


Consider the following example, which concatenates a variable (txtUserId) into a select string to construct a SELECT query. The variable is filled directly from user input by getRequestString:


txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;



SQL Injection Based on 1=1 is Always True

Let’s say we had a SQL statement.


SELECT * FROM Student
WHERE key = 'something'

Now I could use a SQL injection attack on it where {something} = "' or 1=1 or Student='"
After the replacement we would end up with:

SELECT * FROM Student
WHERE key = '' or 1=1 or Student = ''

As a result, instead of returning a single record, the query would return every row. The same trick could be used with id = someone else's id, and so on, and it applies equally to an UPDATE statement or anything similar.



How can SQL injection be avoided?

SQL injection can be avoided by taking the following measures:

🚀 Validate user input by pre-defining the expected length, input type, and allowed values of each input field.
🚀 Restrict users' access privileges and limit the amount of data an outsider can retrieve from the database.
🚀 In most cases, the database user the application connects as should not be granted access to the entire database.
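The following is an added example, not code from the Logicmojo page. It puts the page's string-concatenation pattern (txtSQL = "SELECT ... " + txtUserId) and its "1=1 is always true" payload next to the fix the prevention list leads towards: a parameterized query, where the statement text is fixed and the user's value is bound separately. The Student table, its rows and the column names are constructed for this example and run in an in-memory SQLite database.

```python
import sqlite3

# Constructed sample data for the in-memory Student table (not from the page).
STUDENTS = [("alice", "Alice"), ("bob", "Bob"), ("carol", "Carol")]


def make_db():
    """Create an in-memory Student table and seed it with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Student (key TEXT PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO Student VALUES (?, ?)", STUDENTS)
    return conn


def lookup_vulnerable(conn, user_input):
    """The page's pattern: the user's text is spliced straight into the SQL.
    Whatever the user types becomes part of the statement's structure."""
    sql = "SELECT name FROM Student WHERE key = '" + user_input + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterized(conn, user_input):
    """Hardened form: the statement is fixed and the value is bound as a
    parameter, so the database only ever treats user_input as data."""
    sql = "SELECT name FROM Student WHERE key = ?"
    return [row[0] for row in conn.execute(sql, (user_input,))]


# The page's always-true payload, adapted to the constructed Student/key
# columns: it closes the quoted literal and appends "or 1=1".
ALWAYS_TRUE = "' or 1=1 or key = '"

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "alice"))          # the intended single row
    print(lookup_vulnerable(db, ALWAYS_TRUE))      # every row in the table leaks
    print(lookup_parameterized(db, ALWAYS_TRUE))   # nothing: it is just an odd key
```

Run with any Python 3 interpreter; the concatenated version returns all three names for the always-true input, while the parameterized version returns nothing because no row has that literal key.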


With this article at Logicmojo, you should now have a complete picture of SQL injection.