SQL (Structured Query Language) is a popular programming language for managing data kept in relational databases.
How does an SQL injection take place?
The most common type of SQL injection attack is the error-based attack.
These attacks take place when attackers exploit unsanitized user inputs that are passed into database queries.
For example, here is the PHP code of a login web form having username and password fields.
// $computer and $comp123 hold the username and password submitted by the form.
// Concatenating them straight into the query string is what makes this injectable.
$my_sql_query = "SELECT * FROM users WHERE username='" . $computer . "' AND user_password='" . $comp123 . "';";
However, the above code is vulnerable to SQL injection, because the values typed into the form are concatenated directly into the query text, so a quote character in the input changes the query's structure instead of being treated as data.
Here is the improved version of the code mentioned above.
You should also avoid granting the database account used by your application excessive privileges.
For example, if you are using Microsoft SQL Server, you can restrict that account's permissions to only the tables and operations the application actually needs.
Importantly, you should avoid revealing database error information to users, since error-based injection relies on the details that such messages leak.
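The following is an added example, not code from the original article, showing the two recommendations above in PHP: the login query rewritten with a PDO prepared statement so the submitted values are bound as parameters rather than concatenated, and error handling that logs driver details on the server while returning only a generic message to the user. It assumes an in-memory SQLite database with one constructed user so it runs offline, and it compares a stored password hash instead of the plaintext `user_password` column used in the article's query; the function names `connect` and `login` are this example's own.

```php
<?php
// Added example (not the article's own code): parameterized login query
// plus server-side-only error reporting. Uses in-memory SQLite with one
// constructed user so it runs offline; a real application would connect
// to its own database and table instead.
declare(strict_types=1);

function connect(): PDO
{
    $db = new PDO('sqlite::memory:');
    // Raise an exception on every database error so nothing fails silently.
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // Constructed sample data: store a password hash, never the plaintext.
    $db->exec("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)");
    $insert = $db->prepare("INSERT INTO users (username, password_hash) VALUES (:u, :h)");
    $insert->execute([
        ':u' => "o'brien",
        ':h' => password_hash('correct horse', PASSWORD_DEFAULT),
    ]);
    return $db;
}

// Returns true only when the submitted username exists and the password
// verifies against the stored hash. The username is bound as a parameter,
// so quotes or SQL keywords inside it are treated as data, not as syntax.
function login(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare("SELECT password_hash FROM users WHERE username = :u");
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false;
    }
    return password_verify($password, $row['password_hash']);
}

try {
    $db = connect();
    // A username containing a single quote is handled safely by the binding.
    var_dump(login($db, "o'brien", 'correct horse'));
    var_dump(login($db, "o'brien", 'wrong password'));
    var_dump(login($db, "d'angelo", 'correct horse'));
} catch (PDOException $e) {
    // Keep the driver's message out of the HTTP response; log it for operators.
    error_log('database error during login: ' . $e->getMessage());
    echo "Login is temporarily unavailable.\n";
}
```

The prepared statement sends the query text and the bound values to the database separately, which is why the single quote in `o'brien` cannot terminate the string literal the way it does in the concatenated query above. The `catch` block is the complement to the advice about error messages: the `PDOException` text often names tables and columns, so it goes to the server log rather than to the user.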
Conclusion
SQL injection is one of the most common types of attacks hackers use to compromise systems.
Therefore, you should stay vigilant and appropriately guard your IT infrastructure against this type of attack.
source: www.techworm.net