MySQL-Home MySQL-Environment setup MySQL- Workbench MySQL-Basic syntax MySQL-Operator MySQL-Data type MySQL-Comments MySQL-Create DB MySQL-Drop DB MySQL-Select DB MySQL-Create Table MySQL-Drop table MySQL-Truncate MySQL-Primary Key MySQL-Foreign Key MySQL-Null MySQL-Increment MySQL-Having MySQL-Top MySQL-Insert Statement MySQL-Select Statement MySQL-Alter Statement MySQL-Where MySQL-And & Or MySQL-Default values MySQL-Exists MySQL-Order by MySQL-View MySQL-Update Statement MySQL-Delete Statement MySQL-Like MySQL-Sort MySQL-Limit MySQL-Min MySQL-Max MySQL-Group MySQL-In MySQL-Between MySQL-Union MySQL-Count MySQL-Average MySQL-Sum MySQL-Date & Time MySQL-Import MySQL-Export MySQL-Index MySQL-Temporary MySQL-Join MySQL-Full Join MySQL-Inner Join MySQL-Left Join MySQL-Right Join MySQL-Store Procedure MySQL-Injection MySQL-PHP connection

SQL - Injection

The SQL Injection is a code penetration technique that might cause loss to our database.

SQL injection is one of the most common web hacking techniques.

SQL injection is the placement of malicious code in SQL statements, via web page input.

SQL injection generally occurs when we ask a user to input their username/userID

Instead of a name or ID, the user gives us an MySQL statement that we will unknowingly run on our database.

How SQL Injection Works

Consider the following SQL statement which is a simple example of authenticating a user with a username and password in a web application.

 SELECT * FROM users 
 WHERE username='username_val' 
   AND password='password_val';

If a user enters the values such as "sami" as username and "123" as password, then the resulting statement will be:

 SELECT * FROM users 
 WHERE username='sami' 
   AND password='123';

If user is an attacker and instead of entering a valid username and password in the input fields, he entered the values something like: ' OR 'x'='x

In this case, the above SQL query will be constructed as:

 SELECT * FROM users 
 WHERE username='' OR 'x'='x' 
   AND password='' OR 'x'='x';

This statement is a valid SQL statement and since WHERE 'x'='x ' is always true, the query will return all rows from the users table.

You can see how easily an attacker can get access to all the sensitive information of a database.

An attacker can delete data from the table or change all of its rows permanently.

SQL Injection Based on Batched SQL Statements

Most databases support batched SQL statement.

A batch of SQL statements is a group of two or more SQL statements, separated by semicolons.

Example :

SELECT * From Students where ROLL_NO= 2; DROP Table Teachers;  

How to prevent SQL Injection attack

  • We should use user authentication to validate input from the user by pre-defining length, input type, and the input field.
  • The user cannot be granted permission to access everything in the database.
  • We should not use system administrator accounts.