A Beginner’s Introduction To SQL Injections.

What is SQL and a Database

SQL (Structured Query Language) is a language for managing data inside a database.

What is an SQL Injection?

SQL injection is a web security vulnerability that allows an attacker to alter the SQL queries an application sends to its database. The attack can be used to retrieve sensitive information, such as the structure of the database (its tables and columns) and the data they hold. It can also allow the attacker to change the identity of a user, tamper with existing data, or, for example, void transactions and change balances. In the worst case an SQL injection allows the complete disclosure of all data on a system and gives the attacker the ability to destroy the data or make it otherwise unavailable.

How an SQL injection occurs

To carry out an SQL injection attack, an attacker must first find vulnerable code in the web page or web application: a place where the developer builds an SQL query from user-supplied input.

Some common SQL injection examples include

· Retrieving hidden data, where the attacker is able to modify an SQL query to return additional results.

Large scale damage

SQL injections can be disastrous, providing unlimited database access to any attacker skilled enough to execute one successfully.

Be cautious and prevent an SQL injection

There are many ways to prevent an SQL injection. Above all, the developer should never build a query by concatenating user input directly into the SQL string. Instead, the developer should use parameterized statements, sanitize the user input, and perform proper input validation.