An SQL Injection can destroy your database.

SQL Injection

SQL injection is a technique where malicious/harmful users can inject SQL commands into an SQL statements, via web page input.
Injected SQL commands can alter SQL statement and compromises the security of a web application.

1. SQL Injection Based on 1=1 is Always True.

txtUserId = getRequestString(“UserId”);
txtSQL = “SELECT * FROM Users WHERE UserId = ” + txtUserId;
txtUserId = 105 or 1=1;
SELECT * FROM Users WHERE UserId = 105 or 1=1;

2. SQL Injection Based on “”=”” is Always True.

uName = getRequestString(“UserName”);
uPass = getRequestString(“UserPass”);
sql = “SELECT * FROM Users WHERE Name ='” + uName + “‘ AND Pass ='” + uPass + “‘”

SELECT * FROM Users WHERE Name =”” or “”=”” AND Pass =”” or “”=””
The result SQL is valid. It will return all rows from the table Users, since WHERE “”=”” is always true.

3. SQL Injection Based on Batched SQL.

txtUserId = getRequestString(“UserId”);
txtSQL = “SELECT * FROM Users WHERE UserId = ” + txtUserId;
txtUserId = 105; DROP TABLE Suppliers

SELECT * FROM Users WHERE UserId = 105; DROP TABLE Suppliers.

Advertisements