

Tip of the Day
Language: SQL
Expertise: Intermediate
Feb 12, 2020

SQL Injection Tips, Part 2

SQL injection is probably the most common and easiest hacking technique out there. Now, don't think I condone it; I'm just trying to make you aware of some of the techniques used.

Let's say, for example, that your website runs a database query that looks like the following:

SELECT * FROM Users WHERE Name ="Hannes" AND Pass ="MyPassword"

Entering the following into both the username field and the password field on the webpage

" or ""="

will change the above query to:

SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

This will return all rows from the Users table, because OR ""="" is always true.
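The following is an added example, not part of the original tip: it runs the query above once built by string concatenation and once with bound parameters, to show that binding keeps the same input as plain data. The in-memory SQLite database, the sample rows, and the function names are assumptions made for illustration.

```python
import sqlite3

def make_db():
    """In-memory database with constructed sample rows.
    Plaintext passwords are kept only to mirror the page's query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Name TEXT, Pass TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [("Hannes", "MyPassword"), ("Alice", "s3cret"), ("Bob", "hunter2")],
    )
    return conn

def build_concatenated(name, password):
    """Vulnerable: user input is pasted straight into the SQL text."""
    return ('SELECT * FROM Users WHERE Name ="' + name +
            '" AND Pass ="' + password + '"')

def login_concatenated(conn, name, password):
    # Keeps the page's double-quoted literals; this relies on SQLite
    # accepting double-quoted strings, which its default build does.
    return conn.execute(build_concatenated(name, password)).fetchall()

def login_parameterized(conn, name, password):
    """Hardened: the SQL text is fixed and the values are bound separately,
    so quote characters in the input can never alter the statement."""
    return conn.execute(
        "SELECT * FROM Users WHERE Name = ? AND Pass = ?",
        (name, password),
    ).fetchall()

if __name__ == "__main__":
    conn = make_db()
    tampered = '" or ""="'  # the input shown on the page
    print(build_concatenated(tampered, tampered))
    print("concatenated :", len(login_concatenated(conn, tampered, tampered)), "rows")
    print("parameterized:", len(login_parameterized(conn, tampered, tampered)), "rows")
    print("valid login  :", login_parameterized(conn, "Hannes", "MyPassword"))
```

With bound parameters the database compares the whole input string against the Name and Pass columns, so it matches no row unless a user actually has that text as their name and password.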

Hannes du Preez
 