+ 2
What is SQL injection?
How to protect your website from SQL injection?
8 answers
+ 5
https://www.w3schools.com/sql/sql_injection.asp
Always check the data sent by the user. Never trust him.
+ 2
Here's an example of how you avoid it.
https://www.sololearn.com/Discuss/1195628/about-php-database-connection
+ 1
There are a lot of SQL injection methods.
As a very general answer, it is an attack on a website that tries to apply our code to the website's code.
+ 1
ok
means good coding = no sql injection
+ 1
Hmm..
If you have a text box on your website for password input and your code looks like this (prototype of the code below):
SELECT user FROM users WHERE password = '$input'
Then someone can enter something like this into the text box: anything' OR 'x'='x
Then your answer to the database looks like this:
SELECT user FROM users WHERE password='anything' OR 'x'='x'
Which is always correct and gives us the user.
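The query from the post above, as an added example that is not part of the original thread: it runs the concatenated statement beside a parameterized one on the same inputs. Python's sqlite3 module, the function names and the sample rows are assumptions of this example (the thread names no language or data).

```python
import sqlite3


def make_db():
    # Constructed sample data; table and column names follow the post's query.
    # Plaintext passwords only mirror that query; real systems store password hashes.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (user TEXT, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("bob", "hunter2")])
    return db


def lookup_concatenated(db, supplied):
    # Vulnerable form from the post: the input is pasted into the SQL text,
    # so a quote inside the input changes the structure of the statement.
    sql = "SELECT user FROM users WHERE password = '" + supplied + "'"
    return sorted(row[0] for row in db.execute(sql))


def lookup_parameterized(db, supplied):
    # Hardened form: the SQL text is fixed and the input is bound as a value,
    # so it is only ever compared against the password column.
    sql = "SELECT user FROM users WHERE password = ?"
    return sorted(row[0] for row in db.execute(sql, (supplied,)))


if __name__ == "__main__":
    db = make_db()
    # The third input is the string quoted in the post.
    for supplied in ("s3cret", "wrong", "anything' OR 'x'='x"):
        print(repr(supplied),
              "| concatenated:", lookup_concatenated(db, supplied),
              "| parameterized:", lookup_parameterized(db, supplied))
```

With the bound parameter, the whole input string is treated as one password value, so it matches no row.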
+ 1
wow cool
then we can enter OR 'x'='x'
instead of password
any more strings you know
0
any example
0
We can enter: ' OR 'x' = 'x
Every character matters.