SQL Injection Vulnerability & How to Prevent it? | Devstringx Technologies

  • * (asterisk) is an instruction for SQL database to return all columns for the selected database row
  • = (equals) is an instruction for SQL database to only return values that match the searched string
  • ' (single quote mark) is used to tell the SQL database where a string literal starts or ends
  • ; (semicolon) is used to instruct the SQL parser that the current statement has ended (not necessary in most cases)
  • -- (double hyphen) instructs the SQL parser that the rest of the line is a comment and should not be executed

Boolean-Based SQL Injection:

Time-Based SQL Injection:

Out-of-Band SQL Injection Vulnerability:

Impacts of SQL Injection Vulnerability:

  • Add, delete, edit or read content in the databases
  • Read source code from files on the database server
  • Write files to the database servers

Using Prepared Statements as SQL Injection Prevention

Example and Explanation of SQL Prepared Statements:
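As an added example (not the article's own code), the following Python script compares a string-concatenated query with a prepared statement on a constructed in-memory SQLite table, showing that a quote or comment marker in user input changes the concatenated query's meaning but is treated as plain data by the prepared statement.

```python
import sqlite3


def make_db():
    # Constructed sample table, not taken from the article.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_concat(conn, username):
    # Vulnerable: the input is spliced into the SQL text, so a single quote
    # or a -- comment marker inside it is interpreted by the SQL parser.
    sql = (
        "SELECT username, role FROM users WHERE username = '"
        + username
        + "' ORDER BY username"
    )
    return conn.execute(sql).fetchall()


def lookup_prepared(conn, username):
    # Safe: the statement is parsed first and the value is bound to the
    # placeholder afterwards, so the input can only ever be a string value.
    sql = "SELECT username, role FROM users WHERE username = ? ORDER BY username"
    return conn.execute(sql, (username,)).fetchall()


def compare(username):
    # Returns (concatenated result or error text, prepared-statement result).
    conn = make_db()
    try:
        concat = lookup_concat(conn, username)
    except sqlite3.Error as exc:
        concat = f"error: {exc}"
    prepared = lookup_prepared(conn, username)
    conn.close()
    return concat, prepared


if __name__ == "__main__":
    for name in ["alice", "O'Brien", "x' OR '1'='1", "x'--"]:
        print(repr(name), "->", compare(name))
```

The name O'Brien is enough to break the concatenated query with a syntax error, while the prepared statement simply finds no such user.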

Non Development Related SQL Injection Protection:

The Truth About SQL Injection Web Vulnerability:
