What is SQL Injection?

Introduction to SQL Injection

  • SQL injection is a vulnerability, and the technique that exploits it, which can destroy the database of a website or web application. It is one of the most widely used web-based attacks.
  • The major objective of an SQL injection is to gain access to a website's database, so for an SQL injection to work there must be a web application connected to a database.
  • Since the database holds all the data, including the administrator password (the login password of the site owner), the attacker can reach the admin page and edit the website by filling in a web form.
  • The web form takes a username and a password. When the user submits values in the form's input fields, an SQL SELECT query is run against the database.
  • The system tries to match the inputs, i.e. the username and password entered by the user, against the username and password already stored in the database. If both match, the user is granted access; otherwise access is denied.
  • Some websites have no mechanism to reject input other than the expected username and password. Such websites are vulnerable to SQL injection: any SQL query can be fed in as input and the system will execute it.
  • For example, the attacker can inject a query that downloads the entire database, deletes it, modifies it, or makes the login condition always true. If the password condition is made always true, it no longer matters which password is entered. Normally the system checks the password against the ones stored in the database, but if the injected query drops the password table, the system will start to accept any password. In this way the attacker gains access to the database and can learn the passwords of everyone who logs in to the website, the various tables and their contents, the internal structure of the website, and any other information related to it.
  • This method is called SQL injection: a query is injected into the database to manipulate it and gain unauthorized access. It is the most dangerous type of website attack against an SQL-based database.
  • One way to prevent such attacks is to reject any input other than the expected usernames and passwords.
  • SQL injection commands are built at run time, so avoid dynamically constructed commands. Protect the database with a web application firewall, and do not reveal confidential information about the website to anyone.
  • Websites can suffer huge data and financial losses from such SQL attacks.

Example:

Suppose there is a web application with a database connected to it. The web application may take input from the user and store it in the database, or fetch data from the database and display it to the user.

In either case, an SQL (database) query is generated in the web application and sent to the database, where it is executed, and the relevant information is returned to the web application. This is how the normal scenario works.

When the attacker uses SQL injection, he tries to manipulate this database query so that it does something it is not supposed to do. He changes the SQL query by injecting a malicious string into it and makes it behave in an unauthorized way. The manipulated, malicious query is then sent to the database, executed there, and the results are returned.

This is known as SQL injection. SQL injection is a code injection technique used to execute malicious, dynamically built SQL statements. Attackers use SQL attacks to take control of database servers.

How to prevent SQL injection

  1. Avoid using dynamic SQL

User-provided input should not be placed directly into the SQL query that is run on the database. Instead of dynamic SQL, use stored procedures, prepared statements and parameterized queries, which are safer than dynamically built SQL queries.

  2. User-provided input must be sanitized

The data provided by the user must be checked against the expected type and format.

  3. Sensitive data should not be stored in plaintext

Before confidential data such as passwords is stored in the database, it should be hashed rather than kept in readable form, and a salt must be applied to the hashes to give the confidential data an extra layer of protection.

  4. Database errors should not be displayed directly to the user

Error information shown to an attacker can reveal details about the database.
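As an added example (not part of the original tutorial), the login check described above written in Python against SQLite: the "before" version pastes the form fields into the query text, and the hardened version applies the four prevention steps (parameterized query, input validation, salted hashes, no leaked errors). The table names, the username policy and the sample account are constructed for the demonstration.

```python
import hashlib
import hmac
import os
import re
import sqlite3

USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")  # assumed username policy

def hash_password(password: str, salt: bytes) -> bytes:
    # Salted PBKDF2-HMAC-SHA256, so the stored value is never the plaintext password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def make_db() -> sqlite3.Connection:
    # Constructed in-memory database: a legacy table with plaintext passwords (what the
    # vulnerable code queries) and a hardened table that stores only salt + hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE legacy_users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO legacy_users VALUES ('admin', 'correct horse')")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?)",
                 ("admin", salt, hash_password("correct horse", salt)))
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Dynamic SQL: form fields become part of the query text, so a quote in either
    # field rewrites the WHERE clause (the always-true condition the text describes).
    sql = (f"SELECT 1 FROM legacy_users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None

def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Step 2: reject input whose shape does not match the expected type.
    if not USERNAME_RE.fullmatch(username):
        return False
    try:
        # Step 1: parameterized query; the driver sends the value separately from the
        # SQL text, so characters in it can never become SQL syntax.
        row = conn.execute("SELECT salt, pw_hash FROM users WHERE username = ?",
                           (username,)).fetchone()
    except sqlite3.Error:
        # Step 4: never echo the database error to the user; fail closed instead.
        return False
    if row is None:
        return False
    salt, stored_hash = row
    # Step 3: compare salted hashes in constant time; plaintext is never stored.
    return hmac.compare_digest(hash_password(password, salt), stored_hash)
```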