What is SQL Injection? how can I avoid it


I am new to databases. My teacher said, "take care of SQL Injection". What is it? How can I avoid it? I know it's some security risk.

I Googled it, and I saw some examples but it’s not clear. How can I take a comprehensive measure to avoid it?

Thanks

Best Answer by Paul Mac
Answered By 0 points N/A #81003


A SQL Injection attack is a form of attack that comes from user input that has not been checked to see that it is valid.

The objective is to fool the database system into running malicious code that will reveal sensitive information or otherwise compromise the server.

There are two main types of attacks. First-order attacks are when the attacker receives the desired result immediately, either by direct response from the application they are interacting with or some other response mechanism, such as email.

Here is the link which will guide you to prevent such an attack. Prevent SQL Injection Attacks

Regards,

Hopkins

Best Answer
Answered By 0 points N/A #81006


SQL Injection:

SQL injection is an attack in which malicious code is inserted into strings.

These malicious strings are passed to the SQL server for execution. This can affect the stored data.

A malicious string can attack by terminating a text string and appending a new command.

Steps to avoid injections:

You need to test the size and data type of input and enforce appropriate limits.

Test the content of string variables and accept only the expected values.

When you are working with XML documents, validate all data against its schema as it is entered.

Reject entries that contain binary data, escape sequences and comment characters.

Never build Transact-SQL statements directly from user input.

Example:
The following script shows a SQL Injection.
 
For example, consider a web page has two fields to allow users to enter a user name and a password. The code behind the page will generate a SQL query to check the password against the list of user names:
 
SELECT UserList.Username
FROM UserList
WHERE UserList.Username = 'Username'
AND UserList.Password = 'Password'
 
If this query returns any rows, then access is granted. However, if the malicious user enters a valid Username and injects some valid code ("password' OR '1'='1") in the Password field, then the resulting query will look like this:
SELECT UserList.Username
FROM UserList
WHERE UserList.Username = 'Username'
AND UserList.Password = 'password' OR '1'='1'
 
In the example above, "Password" is assumed to be blank or some innocuous string. "'1'='1'" will always be true and many rows will be returned, thereby allowing access.
 
The technique may be refined to allow multiple statements to run, or even to load up and run external programs.
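The following is an added example that is not part of either answer above. It shows the login query from the answer in runnable form, once built by string concatenation (the vulnerable shape) and once as a parameterized query, and puts the "test size and content of input" steps in front of the safe version as an extra layer. It assumes an in-memory SQLite table named UserList standing in for the SQL Server table, with two constructed rows; the function names and the MAX_LEN limit are illustrative choices, not anything from the original page.

```python
import re
import sqlite3

# Constructed sample data: an in-memory SQLite database standing in for the
# UserList table in the answer above (assumption: SQLite rather than SQL Server).
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE UserList (Username TEXT, Password TEXT)")
    conn.executemany(
        "INSERT INTO UserList VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the WHERE clause by string concatenation, exactly as in the
    answer's example. A quote in either field closes the literal early, so
    the rest of the input becomes part of the SQL statement."""
    query = (
        "SELECT UserList.Username FROM UserList "
        "WHERE UserList.Username = '" + username + "' "
        "AND UserList.Password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Parameterized query: the driver sends the values as data, never as
    part of the SQL text, so quoting tricks cannot change the statement."""
    query = (
        "SELECT UserList.Username FROM UserList "
        "WHERE UserList.Username = ? AND UserList.Password = ?"
    )
    return [row[0] for row in conn.execute(query, (username, password))]


MAX_LEN = 64  # illustrative size limit (assumption)
# Reject embedded quotes, semicolons, comment sequences and control characters
# before they reach the database: the "test size and content" steps above.
_BAD = re.compile(r"['\";]|--|/\*|[\x00-\x1f]")


def validate_field(value):
    return (
        isinstance(value, str)
        and 0 < len(value) <= MAX_LEN
        and _BAD.search(value) is None
    )


def login_safe(conn, username, password):
    """Defense in depth: validate the input first, then run the parameterized
    query. Validation alone is not the fix; the parameterized query is."""
    if not (validate_field(username) and validate_field(password)):
        return []
    return login_parameterized(conn, username, password)


def demo():
    """Runs the answer's payload against each variant and returns the rows
    each one grants access to."""
    conn = build_db()
    payload = "password' OR '1'='1"
    return {
        "vulnerable": login_vulnerable(conn, "alice", payload),
        "parameterized": login_parameterized(conn, "alice", payload),
        "safe": login_safe(conn, "alice", payload),
        "legit": login_safe(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    print(demo())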
 
 
