SQL Injection – Primer

Photo: XKCD
SQL Injection is an injection flaw where a web application concatenates user-controlled input directly into the text of a SQL query instead of binding it as a parameter, so the input is parsed as part of the query itself.
The textbook example is a web application with a username field whose value is spliced into the following SQL query:
statement = "SELECT * FROM users WHERE name = '" + userName + "';"
The user then types a' or '1'='1 into the username field. This creates the following SQL statement:
SELECT * FROM users WHERE name = 'a' or '1'='1'
Because '1'='1' is always true, the WHERE clause matches every row and the query returns the whole users table. If the authentication procedure only checks whether the query returned a row, the attacker is logged in without knowing a valid username.
An attacker can cause more direct damage by closing the string and appending a second statement, for example '; DROP TABLE users;--
This produces the following SQL:
SELECT * FROM users WHERE name = ''; DROP TABLE users;--';
The -- comments out the trailing quote the application appended, and the users table is deleted from the database. This only works where the database driver accepts more than one statement per call (stacked queries); many client libraries execute a single statement per call and reject the rest, which limits this particular payload but does nothing to stop the tautology above.
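The following is an added example, not code from the original primer, that runs both payloads against an in-memory SQLite database (a constructed two-row users table) using Python's sqlite3 module. It shows the concatenated query returning every row for a' or '1'='1 while the parameterized version returns nothing, and it shows the DROP TABLE payload failing under execute(), which permits one statement per call, but succeeding under executescript(), which runs stacked statements. The table contents and function names are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
SEED_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def fresh_db():
    """Return an in-memory SQLite database holding the constructed users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SEED_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn, user_name):
    """Builds the query by string concatenation, exactly like the primer's example."""
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return conn.execute(statement).fetchall()


def lookup_parameterized(conn, user_name):
    """Same query, but the value is bound as a parameter and never parsed as SQL."""
    return conn.execute("SELECT * FROM users WHERE name = ?", (user_name,)).fetchall()


def table_exists(conn, table):
    """Check the schema catalogue for a table by name."""
    row = conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    return row is not None


def demo_tautology():
    """The a' or '1'='1 payload: every row when concatenated, no rows when bound."""
    conn = fresh_db()
    payload = "a' or '1'='1"
    vulnerable_rows = lookup_vulnerable(conn, payload)
    safe_rows = lookup_parameterized(conn, payload)
    return len(vulnerable_rows), len(safe_rows)


def demo_stacked_query(allow_multiple_statements):
    """
    The '; DROP TABLE users;-- payload. Whether it does damage depends on the API:
    sqlite3's execute() refuses a call containing more than one statement, while
    executescript() runs all of them. Returns True if the users table survived.
    """
    conn = fresh_db()
    payload = "'; DROP TABLE users;--"
    statement = "SELECT * FROM users WHERE name = '" + payload + "';"
    if allow_multiple_statements:
        conn.executescript(statement)  # SELECT runs, then DROP TABLE runs
    else:
        try:
            conn.execute(statement)  # rejected: only one statement per call
        except (sqlite3.Warning, sqlite3.ProgrammingError):
            pass  # older and newer Python versions raise different classes here
    return table_exists(conn, "users")


if __name__ == "__main__":
    print("tautology (vulnerable rows, parameterized rows):", demo_tautology())
    print("users table survives execute():", demo_stacked_query(False))
    print("users table survives executescript():", demo_stacked_query(True))
```

The parameterized lookup is the actual fix: the driver sends the query text and the value separately, so no quoting trick in the input can change the query's structure. The stacked-query check is a reminder that a driver refusing multiple statements narrows one payload but is not a defence against injection.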


