The SQL Injection is a code penetration technique that might cause loss to our database.
SQL injection is one of the most common web hacking techniques.
SQL injection is the placement of malicious code in SQL statements, via web page input.
SQL injection generally occurs when we ask a user to input their username/userID
Instead of a name or ID, the user gives us an MySQL statement that we will unknowingly run on our database.
Consider the following SQL statement which is a simple example of authenticating a user with a username and password in a web application.
SELECT * FROM users WHERE username='username_val' AND password='password_val';
If a user enters the values such as "sami" as username and "123" as password, then the resulting statement will be:
SELECT * FROM users WHERE username='sami' AND password='123';
If user is an attacker and instead of entering a valid username and password in the input fields, he entered the values something like: ' OR 'x'='x
In this case, the above SQL query will be constructed as:
SELECT * FROM users WHERE username='' OR 'x'='x' AND password='' OR 'x'='x';
This statement is a valid SQL statement and since WHERE 'x'='x ' is always true, the query will return all rows from the users table.
You can see how easily an attacker can get access to all the sensitive information of a database.
An attacker can delete data from the table or change all of its rows permanently.
Most databases support batched SQL statement.
A batch of SQL statements is a group of two or more SQL statements, separated by semicolons.
SELECT * From Students where ROLL_NO= 2; DROP Table Teachers;