8 lines
859 B
Plaintext
8 lines
859 B
Plaintext
== What is SQL Injection?
|
|
|
|
SQL Injections are the most common web hacking techniques. *A SQL injection attack consists of insertion or "injection" of malicious code via the SQL query input from the client to the application.* If not dealt with correctly, such an injection of code into the application can have an serious impact on e.g. data integrity and security.
|
|
|
|
SQL Injections can occur, when unfiltered data from the client, e.g. the input of a search field, gets into the SQL-Interpreter of the application itself. If the input from the client does not get checked for containing SQL Commands, hackers can easily manipulate the underlying SQL-Statement to their advantages. +
|
|
Per example if the input is not filtered for SQL metacharacters like *--* (comments out the rest of the line) or *;* (ends a SQL-query and that way can be used to chain them)
|
|
|