SQL injection
A SQL injection is an attack that passes SQL commands through an online application that uses a SQL database. If the application is vulnerable, this could allow the attacker to execute arbitrary SQL commands or queries through the web application. SQL injections could allow the attacker to gain unauthorized access to the system, insert data, manipulate data, or view database data (e.g. credit card information) they should not be able to see.
A basic example of a SQL injection technique is sending an "or true" statement through the web application's login. For example, entering a username and password of ' or '1'='1' or ' or 'a'='a' grants the user access, since these statements are always true.
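The login check described above, as an added example that is not part of the original page: one function builds the query by string concatenation and accepts the "or true" input, the other uses bound parameters and rejects it. The table layout, the account and the function names are assumptions made for illustration, and the input is written without its final quote because the application's query supplies the closing quote.

```python
import sqlite3

def make_db():
    """Build an in-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Constructed sample row; a real system stores a password hash, not plaintext.
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "s3cret"))
    return db

def login_vulnerable(db, username, password):
    """Concatenates input into the SQL text, so input can change the query."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password):
    """Binds input as parameters, so input is only ever compared as data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(query, (username, password)).fetchone() is not None

def outcome(login, db, username, password):
    """Run one login attempt and classify the result."""
    try:
        return "granted" if login(db, username, password) else "denied"
    except sqlite3.OperationalError:
        # A stray quote broke the SQL syntax: a common sign of injectable input.
        return "sql error"

# The "or true" input from the text; the query adds the closing quote.
PAYLOAD = "' or '1'='1"

def run_demo():
    db = make_db()
    cases = [("alice", "s3cret"), ("alice", "wrong"),
             (PAYLOAD, PAYLOAD), ("O'Brien", "x")]
    return [(user, outcome(login_vulnerable, db, user, pw),
             outcome(login_parameterized, db, user, pw)) for user, pw in cases]

if __name__ == "__main__":
    for user, vulnerable, parameterized in run_demo():
        print(f"{user!r:16} vulnerable={vulnerable:10} parameterized={parameterized}")
```

With the concatenated query the WHERE clause becomes username = '' or '1'='1' AND password = '' or '1'='1', which is true for every row, so the check passes without a valid account.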
SQL injections are one of the most common techniques hackers use to gain unauthorized access to an online database-driven system or to collect information such as usernames, passwords, credit card information, and other personal information.
Also see: Security definitions, SQL
