 

Tip: SQL Injection, Part 2

Learn more about how to avoid issues with SQL injection.


SQL injection is probably the most common and easiest hacking technique out there. Now, don't think I condone it; I'm just trying to make you aware of some of the techniques used.

Let's say, for example, that a website's database runs a query that looks like the following:

SELECT * FROM Users WHERE Name ="Hannes" AND Pass ="MyPassword"

Entering the following into both the username field and the password field on the webpage

" or ""="

will change the above query to:

SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

This will return all rows from the Users table, because OR ""="" is always true.
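
The following is an added example, not code from the original tip: it runs the tip's query against an in-memory SQLite table, once built by string concatenation and once with bound parameters, to show that the same input stops matching rows when it is passed as data. The table contents and function names are constructed for illustration, and the sketch uses single-quoted string literals (the standard SQL form), so the tip's input becomes ' or ''='.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the tip's query.
    # Passwords are stored in plain text only to mirror that query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (Name TEXT, Pass TEXT)")
    db.executemany("INSERT INTO Users VALUES (?, ?)",
                   [("Hannes", "MyPassword"), ("Alice", "Secret1")])
    return db

def login_concatenated(db, name, password):
    # Vulnerable: the input is pasted into the SQL text, so quote
    # characters in it become part of the query's syntax.
    sql = ("SELECT Name FROM Users WHERE Name = '" + name +
           "' AND Pass = '" + password + "'")
    return [row[0] for row in db.execute(sql)]

def login_parameterized(db, name, password):
    # Hardened: placeholders bind the input as values; it is never
    # parsed as SQL, so quotes in it are just characters to compare.
    sql = "SELECT Name FROM Users WHERE Name = ? AND Pass = ?"
    return [row[0] for row in db.execute(sql, (name, password))]

if __name__ == "__main__":
    db = make_db()
    tip_input = "' or ''='"  # the tip's input, single-quote form
    print("concatenated, tip input: ",
          login_concatenated(db, tip_input, tip_input))
    print("parameterized, tip input:",
          login_parameterized(db, tip_input, tip_input))
    print("parameterized, real login:",
          login_parameterized(db, "Hannes", "MyPassword"))
```

With bound parameters the tip's input is compared literally against the Name and Pass columns, matches nothing, and the legitimate login still works.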

 
