- SQL Injection is the hacking technique which attempts to pass SQL commands (statements) through a web application for execution by the backend database.
- SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations.
- SQL Injection is type of attack that can be done through user inputs (Inputs that filled by user and then used inside queries).
- The SQL Injection patterns are correct query syntax so we can call them ‘bad queries for bad reasons’.
If user input is inserted without modification into an SQL query, then the application becomes vulnerable to SQL injection, like in the following example:
1 2 3 4 5 6 7 8 9 10 11 12 13 | <?php $username = $_POST['username']; $password = $_POST['password']; $query = "SELECT userid FROM users WHERE username = '".$username."' AND password = '".$password."'"; //providing john as username and password is provided as following: any' OR 'x' = 'x echo $query; ?> Output: SELECT userid FROM users WHERE username = 'john' AND password = 'any' OR 'x'='x' |
In this php code the variables $username and $password are requested directly from the user’s input. We suppose that “john” is provided as an username (without quotes) and password as following:
any’ OR ‘x’ = ‘x
As the inputs received are not properly sanitised, the use of the single quotes has turned the WHERE SQL command into a two-component clause.
SELECT userid FROM users WHERE username = ‘john’ AND password = ‘any’ OR ‘x’=’x’
The ‘x’=’x’ part guarantees to be true regardless of what the first part contains.
This will allow the attacker to bypass the login form without actually knowing a valid username / password combination!
Impact of SQL Injection
Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query / Commands through an input form field. This is equivalent to handing the attacker your database and allowing him to execute any SQL command.
This may compromise the integrity of your database and/or expose sensitive information.
SQL Injection is a vulnerability for any kind of database like MSSQL, MySQL, Oracle and many more. In upcoming article we will discuss the ways to prevent our database from SQL Injection Attacks.
Read next: Methods and tips to prevent SQL Injection attacks