Tip: SQL Injection, Part 1

Tip: SQL Injection, Part 1

SQL injection is probably the most common and easiest hacking technique out there. Now, don’t think I condone it, I’m just trying to make you aware of some of the techniques used.

Let’s say, for example, your database on a website runs a query that looks like the following:

SELECT * FROM Users WHERE UserID = @UserID -- Some user ID parameter

It is easy to manipulate the query!

How? Well, by entering the wrong input, for example:

99 OR 1 = 1

In this case 1 = 1 will always be true, so irrespective if whether or not there is a user with the ID 99, it will still return all the users.


Visit the DevX Tip Bank



Share the Post: