Tip of the Day
Language: SQL
Expertise: Intermediate
Mar 4, 2020

SQL Injection Tips, Part 3

SQL injection is probably the most common and easiest hacking technique out there. Don't think I condone it; I'm just trying to make you aware of some of the techniques used.

Let's say for example your database on a website runs a query that looks like the following:

SELECT * FROM Users WHERE UserId = @UserID -- @UserID is filled in from user input

Entering the following into the userid field on the webpage:

99; DROP TABLE Products;

changes the above query to:

SELECT * FROM Users WHERE UserId = 99; DROP TABLE Products;

This returns the user with the ID of 99 and also deletes the Products table. That happens because the input has turned the query into a batch statement, which is a group of statements sent together.

Hannes du Preez
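
The following is an added example, not part of the original tip: it runs the tip's input against a query built by string concatenation and against the same query with the input bound as a parameter. It assumes Python's sqlite3 module as a stand-in for the site's database, uses executescript() to model a driver that accepts batches, and the table contents are constructed.

```python
import sqlite3

PAYLOAD = "99; DROP TABLE Products;"  # the input shown in the tip


def make_db():
    """Constructed in-memory database holding the tip's two tables."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT);"
        "CREATE TABLE Products (ProductId INTEGER PRIMARY KEY, Name TEXT);"
        "INSERT INTO Users VALUES (99, 'constructed-user');"
        "INSERT INTO Products VALUES (1, 'constructed-product');"
    )
    return db


def table_exists(db, name):
    row = db.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (name,)
    ).fetchone()
    return row is not None


def lookup_concatenated(db, user_input):
    """Vulnerable: the input becomes part of the SQL text itself."""
    sql = "SELECT * FROM Users WHERE UserId = " + user_input
    # executescript() runs every statement in the batch, like a driver
    # that accepts multiple statements per call.
    db.executescript(sql)
    return sql


def lookup_parameterized(db, user_input):
    """Hardened: the SQL text is fixed and the input is bound as data."""
    return db.execute(
        "SELECT UserId, Name FROM Users WHERE UserId = ?", (user_input,)
    ).fetchall()


def compare(user_input):
    """Return (Products survives concatenation, Products survives binding)."""
    weak, safe = make_db(), make_db()
    lookup_concatenated(weak, user_input)
    lookup_parameterized(safe, user_input)
    return table_exists(weak, "Products"), table_exists(safe, "Products")


if __name__ == "__main__":
    print(compare(PAYLOAD))
```

With the bound parameter, the whole input is compared to UserId as a single value, so no second statement ever reaches the database.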
 