Computerhelp4all logo Articles AboutTopicsQuizzesComputer Questions & AnswersComputer Terms & DefinitionsActivitiesContact

Home > Articles > Computer Terms & Definitions > Cybersecurity > Threats To Systems, Data & Information

What Is SQL Injection?

What Is SQL Injection

Date First Published: 30th August 2023

Topic: Cybersecurity

Subtopic: Threats To Systems, Data & Information

Article Type: Computer Terms & Definitions

Difficulty: Advanced

Difficulty Level: 8/10

Learn about what SQL injection is in this article.

SQL injection is a website vulnerability that allows an attacker to interfere with the SQL queries made to a database. It happens when a user is asked for input, like their username, and the user provides an SQL statement that will unknowingly run on the database. This is often done to steal sensitive information, like passwords and financial details, spoof and modify data, and even destroy whole databases.

Example Of An SQL Injection Attack

A simple example of an SQL injection attack can be seen below:

An attacker wants to manipulate a standard SQL query. They send a true statement to the login of the website. For example, a username and password with ' or '1'='1' or ' or 'a'='a' grants access since these statements are very likely to be true unless the username is only made up of symbols. The attacker might get access to all the usernames and passwords in the database by inserting this in the input field.

How To Prevent SQL Injection?

SQL injection can be prevented in the following ways:

  • Properly encoding, escaping, and sanitising submitted data. This will prevent user input from containing SQL queries.
  • Only accepting necessary data. For example, if a field is for a surname, only the letters A-Z should be accepted and numbers and special characters should be automatically removed.
  • Using a web application firewall (WAF). This can detect and prevent incoming requests for potentially malicious signatures and character sequences.
  • Using prepared SQL statements with parameterised queries. Where possible, developers should implement prepared statements so that a database will treat malicious SQL statements as data rather than commands.
  • Keeping the web server software up to date. Updates can include fixes for vulnerabilities, reducing the chances of attackers finding any vulnerabilities they can exploit.
  • Avoiding leaving sensitive data in plaintext. To keep sensitive data secure, it should be hashed. This provides a level of protection in case an attacker successfully gains access to the database.


Feedback

  • Is there anything that you disagree with on this page?
  • Are there any spelling, grammatical, or punctuation errors on this page?
  • Are there any broken links or design errors on this page?

If so, it is important that you tell me as soon as possible on this page.


Comments

What Is Computerhelp4all?

  • Computerhelp4all is a site with articles for everyone about the topic of computing, as suggested in the name '4all'.


Featured Articles

Featured Quizzes

Topics

Computer Networking Cybersecurity Computer Systems Web Design & Development

Subtopics

Network Services Network Setups Network Standards Network Hardware Network Identifiers Network Software Internet Protocols Internet Organisations Data Transmission Technologies Web Development Web Design Web Advertising Web Applications Web Organisations Web Technologies Web Services SEO Threats To Systems, Data & Information Threats To Individuals Security Mechanisms & Technologies Computer Hardware Computer Software Ethics & Sustainability Legislation & User Data Protection

Activities

Wordsearches Unscramble Words Knowledge Questions

Difficulty

Easy articles Medium articles Advanced articles

Follow Computerhelp4all


Facebook Logo
RSS Logo
YouTube Logo

Search



Related Articles





© 2022-2024 Computerhelp4all | Home | About | Privacy Policy | Cookie Policy | Terms of Use | Facebook | Twitter | RSS Feeds | YouTube