

Tip of the Day
Language: SQL
Expertise: Intermediate
Feb 5, 2020

SQL Injection Tips, Part 1

SQL injection is probably the most common and easiest hacking technique out there. Now, don't think I condone it; I'm just trying to make you aware of some of the techniques used.

Let's say, for example, your database on a website runs a query that looks like the following:

SELECT * FROM Users WHERE UserID = @UserID -- Some user ID parameter

It is easy to manipulate the query when the value supplied for @UserID is placed into the SQL text as-is!

How? Well, by entering input the query was not written to expect, for example:

99 OR 1 = 1

In this case 1 = 1 will always be true, so irrespective of whether or not there is a user with the ID 99, the query will still return all the users.
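The behaviour described above, as an added example that is not part of the original tip: the same lookup is run once with the input concatenated into the SQL text and once with it bound as a parameter. It assumes Python's built-in sqlite3 module with an in-memory Users table; the table contents and function names are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory Users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserID INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [(1, "alice"), (2, "bob"), (3, "carol")])
    return conn

def lookup_concatenated(conn, user_id):
    """Vulnerable: the input becomes part of the SQL text and is parsed as SQL."""
    sql = "SELECT * FROM Users WHERE UserID = " + user_id
    return conn.execute(sql).fetchall()

def lookup_bound(conn, user_id):
    """Hardened: the input is bound as a single value and never parsed as SQL."""
    sql = "SELECT * FROM Users WHERE UserID = ?"
    return conn.execute(sql, (user_id,)).fetchall()

def lookup_validated(conn, user_id):
    """Hardened with type validation: only a plain integer ID is accepted."""
    try:
        numeric_id = int(user_id)
    except ValueError:
        raise ValueError("UserID must be an integer") from None
    return lookup_bound(conn, numeric_id)

if __name__ == "__main__":
    conn = make_db()
    tip_input = "99 OR 1 = 1"  # the input shown in the tip
    # Concatenated: WHERE UserID = 99 OR 1 = 1 matches every row.
    print("concatenated:", lookup_concatenated(conn, tip_input))
    # Bound: the whole string is compared with UserID as one value, so no row matches.
    print("bound:       ", lookup_bound(conn, tip_input))
    # Validated: the request is rejected before any query runs.
    try:
        lookup_validated(conn, tip_input)
    except ValueError as err:
        print("validated:    rejected:", err)
```
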

Hannes du Preez
 