+ 2

What is sql injection?

how to protect your website form sql injection?

6th Apr 2018, 12:48 PM
Programmer Gaurav
Programmer Gaurav - avatar
8 Answers
+ 5
https://www.w3schools.com/sql/sql_injection.asp Always check the data send by the user. Never trust him.
6th Apr 2018, 1:03 PM
Geo
Geo - avatar
6th Apr 2018, 3:05 PM
Toni Isotalo
Toni Isotalo - avatar
+ 1
There is a lot of SQL injection methods. In very general answer it is attack on website trying apply our code to website code.
6th Apr 2018, 12:57 PM
Bartosz Pieszko
Bartosz Pieszko - avatar
+ 1
ok means good coding = no sql injection
6th Apr 2018, 1:07 PM
Programmer Gaurav
Programmer Gaurav - avatar
+ 1
Hmm.. If you have text box on your website for password input and your code looks like this(prototype of code below): SELECT user FROM users WHERE password = '$input' Then someone can enter to text box something like this: anything' OR 'x'='x Then your answer to database looks like this: SELECT user FROM users WHERE password='anything' OR 'x'='x' Which is always correct and gives us user.
6th Apr 2018, 1:07 PM
Bartosz Pieszko
Bartosz Pieszko - avatar
+ 1
wow cool then we can enter OR 'x'='x' instead of password any more strings you know
6th Apr 2018, 1:12 PM
Programmer Gaurav
Programmer Gaurav - avatar
0
any example
6th Apr 2018, 12:58 PM
Programmer Gaurav
Programmer Gaurav - avatar
0
We can enter: ' OR 'x' = 'x Every character matters.
6th Apr 2018, 1:23 PM
Bartosz Pieszko
Bartosz Pieszko - avatar