Scribd
Upload
18 views5 pages

SQL Injection Explained

Uploaded by

silaswp3
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
18 views5 pages

SQL Injection Explained

Uploaded by

silaswp3
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd

Page 1 of 5

SQL HTML CSS Javascript Python Java C C++ PHP Scala C#

SQL - Injection

If you take a user input through a webpage and insert it into an SQL database, there is a chance that
you have left yourself wide open for a security issue known as the SQL Injection. This chapter will
teach you how to help prevent this from happening and help you secure your scripts and SQL
statements in your server side scripts such as a PERL Script.

SQL Injection

SQL Injection is a type of security attack that exploits a vulnerability in a database by executing
malicious queries. This will allow attackers to access sensitive data, tamper it and also delete it
permanently.

Injection usually occurs when you ask a user for input, like their name and instead of a name they give
you a SQL statement that you will unknowingly run on your database. Never trust user provided data,
process this data only after validation; as a rule, this is done by Pattern Matching.

Example

In the example below, the name is restricted to the alphanumerical characters plus underscore and to
a length between 8 and 20 characters (you can modify these rules as needed).
Powered by:

if (preg_match("/^\w{8,20}$/", $_GET['username'], $matches)) {


$result = mysqli_query("SELECT * FROM CUSTOMERS
Page 2 of 5

WHERE name = $matches[0]");


} else {
echo "user name not accepted";
}

To demonstrate the problem, consider this excerpt −

// supposed input
$name = "Qadir'; DELETE FROM CUSTOMERS;";
mysqli_query("SELECT * FROM CUSTOMSRS WHERE name='{$name}'");

The function call is supposed to retrieve a record from the CUSTOMERS table where the name column
matches the name specified by the user. Under normal circumstances, $name would only contain
alphanumeric characters and perhaps spaces. But here, by appending an entirely new query to $name,
the call to the database turns into disaster; the injected DELETE query removes all records from the
CUSTOMERS table.

Fortunately, if you use MySQL, the mysqli_query() function does not permit query stacking or
executing multiple SQL queries in a single function call. If you try to stack queries, the call fails.

However, other PHP database extensions, such as SQLite and PostgreSQL happily perform stacked
queries, executing all the queries provided in one string and creating a serious security problem.

Preventing SQL Injection

You can handle all escape characters smartly in scripting languages like PERL and PHP. The MySQL
extension for PHP provides the function mysql_real_escape_string() to escape input characters that
are special to MySQL.

if (get_magic_quotes_gpc()) {
$name = stripslashes($name);
Powered by:
}
$name = mysql_real_escape_string($name);
mysqli_query("SELECT * FROM CUSTOMERS WHERE name='{$name}'");
Page 3 of 5

The LIKE Quandary

To address the LIKE quandary, a custom escaping mechanism must convert user-supplied '%' and '_'
characters to literals. Use addcslashes(), a function that lets you specify a character range to escape.

$sub = addcslashes(mysql_real_escape_string("%str"), "%_");


// $sub == \%str\_
mysqli_query("SELECT * FROM messages
WHERE subject LIKE '{$sub}%'");

TOP TUTORIALS

Python Tutorial

Java Tutorial

C++ Tutorial

C Programming Tutorial

C# Tutorial

PHP Tutorial

R Tutorial

HTML Tutorial

CSS Tutorial

JavaScript Tutorial

SQL Tutorial

TRENDING TECHNOLOGIES

Cloud Computing Tutorial

Amazon Web Services Tutorial

Microsoft Azure Tutorial

Git Tutorial

Ethical Hacking Tutorial

Docker Tutorial

Kubernetes Tutorial

DSA Tutorial
Powered by:
Spring Boot Tutorial

SDLC Tutorial

Unix Tutorial
Page 4 of 5

CERTIFICATIONS

Business Analytics Certification

Java & Spring Boot Advanced Certification

Data Science Advanced Certification

Cloud Computing And DevOps

Advanced Certification In Business Analytics

Artificial Intelligence And Machine Learning

DevOps Certification

Game Development Certification

Front-End Developer Certification

AWS Certification Training

Python Programming Certification

COMPILERS & EDITORS

Online Java Compiler

Online Python Compiler

Online Go Compiler

Online C Compiler

Online C++ Compiler

Online C# Compiler

Online PHP Compiler

Online MATLAB Compiler

Online Bash Compiler

Online SQL Compiler

Online Html Editor

ABOUT US | OUR TEAM | CAREERS | JOBS | CONTACT US | TERMS OF USE |

PRIVACY POLICY | REFUND POLICY | COOKIES POLICY | FAQ'S

Powered by:
Page 5 of 5

Tutorials Point is a leading Ed Tech company striving to provide the best learning material on technical
and non-technical subjects.

© Copyright 2025. All Rights Reserved.

Powered by:

You might also like