+ 1

What is a SQL injection and how do I code one?

I am nearly done learning SQL and what took my attention is SQL vulnerabilities and SQL injections (SQLi), how is it made?

23rd Jul 2017, 2:05 AM
Ģŕęąť Şhįńįģąmį
Ģŕęąť Şhįńįģąmį - avatar
7 Answers
+ 7
nothing.. just knowledge of sql and a poorly designed website see here for more info: https://www.w3schools.com/sql/sql_injection.asp
23rd Jul 2017, 2:11 AM
jay
jay - avatar
+ 6
it is made possible by poor design. i.e not checking user input for validity before processing
23rd Jul 2017, 2:06 AM
jay
jay - avatar
+ 6
It is usually done on website forms where the user has to insert information. Instead of information like name, you put sql commands.
23rd Jul 2017, 2:08 AM
jay
jay - avatar
+ 5
Explainxkcd's comments (for the webcomic xkcd) are usually pretty helpful: https://www.explainxkcd.com/wiki/index.php/327:_Exploits_of_a_Mom
23rd Jul 2017, 2:55 AM
Kirk Schafer
Kirk Schafer - avatar
+ 3
I see! I get it clearly now! Thanks guys!
23rd Jul 2017, 2:30 AM
Ģŕęąť Şhįńįģąmį
Ģŕęąť Şhįńįģąmį - avatar
+ 1
Still confused though. ._.
23rd Jul 2017, 2:07 AM
Ģŕęąť Şhįńįģąmį
Ģŕęąť Şhįńįģąmį - avatar
+ 1
Yes, but what programs do I need to do so?
23rd Jul 2017, 2:10 AM
Ģŕęąť Şhįńįģąmį
Ģŕęąť Şhįńįģąmį - avatar