{"id":106382,"date":"2021-02-05T14:14:37","date_gmt":"2021-02-05T08:44:37","guid":{"rendered":"https:\/\/www.vskills.in\/certification\/tutorial\/?page_id=106382"},"modified":"2024-04-12T14:29:03","modified_gmt":"2024-04-12T08:59:03","slug":"sql-injection-attack","status":"publish","type":"page","link":"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/","title":{"rendered":"SQL Injection Attack"},"content":{"rendered":"\n<p>SQL Injection is a security vulnerability in which an attacker submits a database SQL command that is executed by the web site, exposing the back-end database. The attack takes place if the web site or web application does not validate user-supplied data that is included in a SQL command or query, which tricks the web site or web application into executing unintended commands or even changing data.<\/p>\n\n\n\n<p>SQL Injection allows an attacker to create, read, update, alter, or delete data stored in the back-end database. It is usually used by attackers to gain access to sensitive information. An example is given below.<\/p>\n\n\n\n<p><strong>Working<\/strong><\/p>\n\n\n\n<p>In a web application, the user is prompted to enter the name of the city where the order is to be delivered. If the user enters Delhi, the query assembled by the script will be<\/p>\n\n\n\n<p>SELECT * FROM OrdersTable WHERE ShipCity = 'Delhi'<\/p>\n\n\n\n<p>However, if an attacker supplies the malicious input<\/p>\n\n\n\n<p>Delhi'; drop table OrdersTable--<\/p>\n\n\n\n<p>and the web site lacks input validation, then the following query will be executed:<\/p>\n\n\n\n<p>SELECT * FROM OrdersTable WHERE ShipCity = 'Delhi';drop table OrdersTable--'<\/p>\n\n\n\n<p>The semicolon (;) denotes the end of one query and the start of another. The double hyphen (--) indicates that the rest of the current line is a comment and should be ignored. 
If the modified code is syntactically correct, it will be executed by the server. When the database server processes this statement, it will first select all records in OrdersTable where ShipCity is Delhi. Then it will drop OrdersTable.<\/p>\n\n\n\n<p><strong>Prevention<\/strong><\/p>\n\n\n\n<p>Measures to prevent SQL injection include the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Validate user-given input against a set of defined rules for length, type, and syntax, and also against business rules.<\/li><li>Users should have the least privileges needed, as per their role.<\/li><li>Change the default username in the database.<\/li><li>Use strongly typed parameterized query APIs with placeholder substitution markers, even when calling stored procedures.<\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>SQL Injection is a security vulnerability in which an attacker submits a database SQL command which is executed by the web site, exposing the back-end database. 
The attack takes place if, the web site or web application does not validate user-supplied data given with a SQL command or query which tricks the tricks the web&#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-106382","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>SQL Injection Attack - Tutorial<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SQL Injection Attack - Tutorial\" \/>\n<meta property=\"og:description\" content=\"SQL Injection is a security vulnerability in which an attacker submits a database SQL command which is executed by the web site, exposing the back-end database. The attack takes place if, the web site or web application does not validate user-supplied data given with a SQL command or query which tricks the tricks the web...\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/\" \/>\n<meta property=\"og:site_name\" content=\"Tutorial\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/vskills.in\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-04-12T08:59:03+00:00\" \/>\n<meta name=\"twitter:label1\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/\",\"name\":\"SQL Injection Attack - Tutorial\",\"isPartOf\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#website\"},\"datePublished\":\"2021-02-05T08:44:37+00:00\",\"dateModified\":\"2024-04-12T08:59:03+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"SQL Injection Attack\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#website\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\",\"name\":\"Tutorial\",\"description\":\"Vskills - A initiative in elearning and 
certification\",\"publisher\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.vskills.in\/certification\/tutorial\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#organization\",\"name\":\"Vskills\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg\",\"contentUrl\":\"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg\",\"width\":73,\"height\":55,\"caption\":\"Vskills\"},\"image\":{\"@id\":\"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/vskills.in\/\",\"https:\/\/x.com\/vskills_in\",\"https:\/\/www.linkedin.com\/company-beta\/1371554\/\",\"https:\/\/www.youtube.com\/channel\/UCMWnscxPwRF_PqXo9B7q_Tw\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"SQL Injection Attack - Tutorial","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/","og_locale":"en_US","og_type":"article","og_title":"SQL Injection Attack - Tutorial","og_description":"SQL Injection is a security vulnerability in which an attacker submits a database SQL command which is executed by the web site, exposing the back-end database. 
The attack takes place if, the web site or web application does not validate user-supplied data given with a SQL command or query which tricks the tricks the web...","og_url":"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/","og_site_name":"Tutorial","article_publisher":"https:\/\/www.facebook.com\/vskills.in\/","article_modified_time":"2024-04-12T08:59:03+00:00","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/","url":"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/","name":"SQL Injection Attack - Tutorial","isPartOf":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#website"},"datePublished":"2021-02-05T08:44:37+00:00","dateModified":"2024-04-12T08:59:03+00:00","breadcrumb":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/sql-injection-attack\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.vskills.in\/certification\/tutorial\/"},{"@type":"ListItem","position":2,"name":"SQL Injection Attack"}]},{"@type":"WebSite","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#website","url":"https:\/\/www.vskills.in\/certification\/tutorial\/","name":"Tutorial","description":"Vskills - A initiative in elearning and 
certification","publisher":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.vskills.in\/certification\/tutorial\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#organization","name":"Vskills","url":"https:\/\/www.vskills.in\/certification\/tutorial\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/","url":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg","contentUrl":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-content\/uploads\/2017\/07\/vskills-min-logo.jpg","width":73,"height":55,"caption":"Vskills"},"image":{"@id":"https:\/\/www.vskills.in\/certification\/tutorial\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/vskills.in\/","https:\/\/x.com\/vskills_in","https:\/\/www.linkedin.com\/company-beta\/1371554\/","https:\/\/www.youtube.com\/channel\/UCMWnscxPwRF_PqXo9B7q_Tw"]}]}},"_links":{"self":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/106382","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/comments?post=106382"}],"version-history":[{"count":1,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/106382\/revisio
ns"}],"predecessor-version":[{"id":106383,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/pages\/106382\/revisions\/106383"}],"wp:attachment":[{"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/media?parent=106382"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/categories?post=106382"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vskills.in\/certification\/tutorial\/wp-json\/wp\/v2\/tags?post=106382"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}