Tip: SQL Injection, Part 2

Tip: SQL Injection, Part 2

SQL injection is probably the most common and easiest hacking technique out there. Now, don’t think I condone it, I’m just trying to make you aware of some of the techniques used.

Let’s say for example your database on a website runs a query that looks like the following:

SELECT * FROM Users WHERE Name ="Hannes" AND Pass ="MyPassword"

By entering the following into the username field and the password field on the webpage

" or ""="

will change the above query to:

SELECT * FROM Users WHERE Name ="" or ""="" AND Pass ="" or ""=""

This will return all rows from the Users table, because OR “”=”” is always true.


Visit the DevX Tip Bank



About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist