
Tip: SQL Injection, Part 1

Learn more about how to avoid SQL injection issues.



SQL injection is probably the most common and easiest hacking technique out there. Now, don't think I condone it; I'm just trying to make you aware of some of the techniques used.

Let's say, for example, your database on a website runs a query that looks like the following:

SELECT * FROM Users WHERE UserID = @UserID -- Some user ID parameter

It is easy to manipulate the query!

How? Well, by entering the wrong input, for example:

99 OR 1 = 1

In this case 1 = 1 will always be true, so irrespective of whether or not there is a user with the ID 99, the query will still return all the users.
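
The behaviour described above depends on the input being spliced into the SQL text; when the same value is bound as a parameter, the database treats it as data and the OR clause is never parsed. The following is an added example, not code from the original tip, using Python's sqlite3 module. The in-memory Users table, its rows and the function names are constructed for illustration, and SQLite's :UserID placeholder stands in for the tip's @UserID.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory Users table (sample data, not from the tip)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Users (UserID INTEGER PRIMARY KEY, Name TEXT)")
    db.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [(1, "alice"), (2, "bob"), (3, "carol")],
    )
    return db


def find_user_concatenated(db, user_id):
    """Vulnerable 'before': the input becomes part of the SQL statement itself."""
    sql = "SELECT * FROM Users WHERE UserID = " + user_id
    return db.execute(sql).fetchall()


def find_user_parameterized(db, user_id):
    """Hardened: the input is bound as a value and is never parsed as SQL."""
    sql = "SELECT * FROM Users WHERE UserID = :UserID"
    return db.execute(sql, {"UserID": user_id}).fetchall()


def find_user_validated(db, user_id):
    """Hardened plus an input check: reject anything that is not a plain integer."""
    if not (user_id.isascii() and user_id.isdecimal()):
        raise ValueError("UserID must be numeric")
    return find_user_parameterized(db, int(user_id))


if __name__ == "__main__":
    db = make_db()
    tip_input = "99 OR 1 = 1"  # the input quoted in the tip
    print("concatenated: ", find_user_concatenated(db, tip_input))
    print("parameterized:", find_user_parameterized(db, tip_input))
    try:
        find_user_validated(db, tip_input)
    except ValueError as exc:
        print("validated:     rejected,", exc)
```

The concatenated query returns every row in the table, while the parameterized one returns none because no UserID equals the literal string.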

 
