SQL injection is probably the most common and easiest hacking technique out there. Now, don’t think I condone it, I’m just trying to make you aware of some of the techniques used.
Let’s say for example your database on a website runs a query that looks like the following:
SELECT * FROM Users WHERE Name ="Hannes" AND Pass ="MyPassword"
By entering the following into the username field and the password field on the webpage
" or ""="
will change the above query to:
SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""
This will return all rows from the Users table, because OR “”=”” is always true.
?
?