What is SQL injection and why is it bad

in #securyty 7 years ago (edited)

SQL injection


What is it:


Before I say what it is, I would like to say where it happens.
Most websites use a database. It can be for user login/registration, posts, etc.
For example, in PHP you can use something called MySQLi, which stands for MySQL Improved. MySQL is the database, and "improved" says that it is better, but it can still be exploited. When a developer wants to access the database for something, the code sends the database a query.
If you're sending somebody's username to the database, you send a query with the username the user typed in. Here is the problem: the user can type anything, so what they type can change the query and send malicious code into the database.

How do we use it:


It's not that hard once you have found a website vulnerable to SQL injection. You just type the code in a field.
For example, on a login form where you have a username and password field, the query could look like this:
SELECT * FROM users WHERE username="username_value" AND password="users_password"
If the developer uses this query there are lots of problems (never store plain-text passwords in the database, SQL injection, ...), but if they do, you can type the following in the username and password fields: " or ""="
What will this do? Well, it will change the query to this:
SELECT * FROM users WHERE username="" or ""="" AND password="" or ""=""
What does this mean? Let's break it apart. SELECT * FROM users WHERE means select anything from the table called users where this condition is met: username="" or ""="" AND password="" or ""="". This means username equals "" (nothing, not even a space) or nothing equals nothing. This applies to password too. Because "nothing equals nothing" is always true, the condition is met for every row in the table.
You can do more than this. When you want to send multiple queries at once you separate them with ; and you can type the following in the password field (the last one): ; DROP TABLE users;. This will delete the table.

How do we make our page secure against SQL injection


You can do multiple things depending on what language you're using.

  1. Escape special characters like " and ' and ` and ;
  2. Use prepared statements.
    Prepared statements are a different way to talk to the database. You write the query, but instead of the value you put a placeholder, and when you send the query you send the value for the placeholder along with it (this is the easiest way I can explain it).
  3. Prevent users from inserting those characters.
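
The login query built from typed-in text next to the same query as a prepared statement, as an added example that is not code from the original post. It assumes Python's built-in sqlite3 with an in-memory database instead of PHP/MySQLi so it runs anywhere; the accounts and function names are constructed for illustration, and string literals use single quotes, so the page's input becomes ' or ''='.

```python
import sqlite3

def make_db():
    """In-memory database holding two constructed sample accounts."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    # Plain-text passwords only to mirror the page's query; hash them in real code.
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("O'Brien", "pw")])
    return db

def login_concatenated(db, username, password):
    """Vulnerable: user input is pasted into the SQL text itself."""
    sql = ("SELECT username FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return db.execute(sql).fetchall()

def login_prepared(db, username, password):
    """Prepared statement: ? placeholders in the SQL, values passed separately."""
    sql = "SELECT username FROM users WHERE username=? AND password=?"
    return db.execute(sql, (username, password)).fetchall()

def user_count(db):
    """Number of rows left in the users table."""
    return db.execute("SELECT COUNT(*) FROM users").fetchone()[0]

if __name__ == "__main__":
    db = make_db()
    trick = "' or ''='"  # the page's input, written with single quotes
    print("concatenated:", login_concatenated(db, trick, trick))
    print("prepared:    ", login_prepared(db, trick, trick))
    # With placeholders the DROP text is only a wrong password, never SQL.
    print("prepared, DROP text:",
          login_prepared(db, "alice", "; DROP TABLE users;"),
          "rows left:", user_count(db))
    print("prepared, O'Brien:", login_prepared(db, "O'Brien", "pw"))
    try:
        login_concatenated(db, "O'Brien", "pw")
    except sqlite3.OperationalError as exc:
        # A legitimate name with a quote breaks the concatenated query.
        print("concatenated, O'Brien:", exc)
```

The O'Brien case also shows why blocking or stripping quote characters is a weak fix: legitimate values contain them, and the prepared statement handles them without any special treatment.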

Hello @aleksssboss157, upv0t3
This is a free service for new steemit users, to support them and motivate them to continue generating valuable content for the community.
<3 This is a heart, or an ice cream, you choose.

:)

