What Is SQL Injection? By albro

In this post, I'm going to examine attacks called SQL Injection attacks.

What is SQL Injection?

When it comes to SQL Injection, many web programmers and website administrators are afraid and think they are dealing with a very complicated topic! So first of all, I have to tell you that there is nothing to worry about. All you have to do is get rid of some bad habits and learn some new ones. In other words, we don't need any special operation or complex design; we just have to write our queries in the appropriate format, following the correct structure, so that they are completely safe. Simple!

Unfortunately, although preventing SQL Injection is very simple, it is still one of the most common and important causes of website hacking in the world. Part of the blame lies with webmasters who hire the programmers who ask for lower salaries rather than those with more expertise. Another part of the blame lies with programmers who think that by learning programming commands they have become programmers, make no effort to keep a website secure, and instead take their fee and quickly deliver the website. Try to be ethical in your job, and do not just build and sell.

Technically, SQL Injection is:

SQL injection is a code injection technique, used to attack data-driven applications, in which nefarious SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the attacker).

But if I want to say it in simpler language:

SQL Injection is an exploit of improperly formatted SQL queries. The root of this type of attack is the mixing of code and data.

In fact, SQL queries are a program just like PHP scripts, but the difference is that we build this program dynamically and add pieces to it as we go (pieces that usually come from the user's side). In such a situation, it is natural that some of those pieces change the structure of our program or disrupt its execution. This happens only when we have not formatted our query correctly.

The following image is one of the jokes that users and programmers share about SQL Injection, and it has spread all over the internet:

(image: exploits of a mom)

If you have a little familiarity with SQL Injection, you will get the joke in this picture, but if you don't understand it at all, that's okay. I want to build an example of SQL Injection around this joke! To understand it, you should know that SQL Injection attacks come from the user's side, through the user's data. For example, you want the user to give you some value: in a form you ask for the user's age or name, in the login form you ask for a username and password, or in the comments section you ask users for their opinion. Now suppose one of our queries is as follows:

txtUserId = getRequestString("UserId");
txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

The logic of SQL is such that the expression 1=1 is always considered true. Now suppose we ask the user to give us a value (for example, a username) and instead of typing that value, the user enters the expression 105 OR 1=1 in the form. In this case, our query will look like this:

SELECT * FROM Users WHERE UserId = 105 OR 1=1;

Do you see what happened? Since 1=1 is always true, the whole condition is always true, so the query always succeeds and returns all rows from the "users" table!!! Now, what if the users table held users' names and passwords or other important information? In this way, even a beginner hacker can get all of your users' information!!

The same thing happened in the picture above: in the online form, instead of entering the student's name, the statement Bobby' DROP TABLE users was entered. This statement deletes the users table and loses the information of all the students! The following example is the same as the image above:

$name  = "Bobby';DROP TABLE users; -- ";
$query = "SELECT * FROM users WHERE name='$name'";

I have put the name variable directly into the query, so the query turns into the following malicious code:

SELECT * FROM users WHERE name='Bobby';DROP TABLE users; -- '

Although programmers call this situation SQL Injection, in practice it is simply an unformatted string. Our query does not have the correct structure and format, and that is what allows the entire table to be deleted; that is the SQL Injection.

Let's go to another example:

$id    = "1; DROP TABLE users;";                 // value supplied by the user
$id    = mysqli_real_escape_string($link, $id);  // escapes quotes and backslashes only
$query = "SELECT * FROM users where id = $id";   // the value is not quoted in the query

In this example, we asked the user to give us the ID or username and put it in the id variable. Then we cleaned it using the mysqli_real_escape_string function, and finally it was executed. Because the input contains no quote or backslash, the escaping changes nothing, and this query becomes the following safe query:

SELECT * FROM users where id = 1; DROP TABLE users;

Although the above code does not cause any danger, the discussion here is not only about whether it is dangerous or not. Imagine a boy named Leo O'Hara who wants to enrol in the school system. If we do not correct our query format, we will end up with the following code:

INSERT INTO users SET name='Leo O'Hara'

Because of the ' character in this boy's surname, we get a syntax error.
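To see both cases above (the 105 OR 1=1 lookup and the Leo O'Hara insert) actually running, here is an added example that is not part of the original post. It uses Python's built-in sqlite3 module in place of PHP/MySQL and a constructed users table, and puts each string-built query next to its parameterised replacement, which is the "correct format" the post asks for.

```python
import sqlite3

# Constructed sample rows (not from the original post); id 105 matches the post's example.
SEED = [(105, "alice", "pw-alice"), (106, "bob", "pw-bob"), (107, "carol", "pw-carol")]


def make_db():
    """In-memory database with a users table like the one in the post."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (UserId INTEGER, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SEED)
    return conn


def lookup_vulnerable(conn, user_input):
    """The post's txtSQL pattern: the input is glued into the SQL text and becomes code."""
    sql = "SELECT UserId, name FROM users WHERE UserId = " + user_input
    return conn.execute(sql).fetchall()


def lookup_safe(conn, user_input):
    """Parameterised query: the value travels separately and cannot change the statement."""
    sql = "SELECT UserId, name FROM users WHERE UserId = ?"
    return conn.execute(sql, (user_input,)).fetchall()


def insert_vulnerable(conn, name):
    """String-built INSERT: a quote inside the name breaks the statement's grammar."""
    conn.execute("INSERT INTO users (name) VALUES ('" + name + "')")


def insert_safe(conn, name):
    """Parameterised INSERT: the quote is just data. Returns the name as stored."""
    conn.execute("INSERT INTO users (name) VALUES (?)", (name,))
    return conn.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()[0]


def insert_fails(conn, name):
    """True if the string-built INSERT raises a SQL syntax error for this name."""
    try:
        insert_vulnerable(conn, name)
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "105"))         # one row
    print(lookup_vulnerable(db, "105 OR 1=1"))  # every row: the WHERE clause was rewritten
    print(lookup_safe(db, "105 OR 1=1"))        # no rows: the text is treated as a plain value
    print(insert_fails(db, "Leo O'Hara"))       # True: the quote breaks the SQL
    print(insert_safe(db, "Leo O'Hara"))        # Leo O'Hara: stored intact
```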


[Hive: @albro]

2 comments

Congratulations!


You have obtained a vote from CHESS BROTHERS PROJECT

✅ Good job. Your post has been appreciated and has received support from CHESS BROTHERS ♔ 💪


♟ We invite you to use our hashtag #chessbrothers and learn more about us.

♟♟ You can also reach us on our Discord server and promote your posts there.

♟♟♟ Consider joining our curation trail so we work as a team and you get rewards automatically.

♞♟ Check out our @chessbrotherspro account to learn about the curation process carried out daily by our team.


🥇 If you want to earn profits with your HP delegation and support our project, we invite you to join the Master Investor plan. Here you can learn how to do it.


Kindly

The CHESS BROTHERS team


Thanks for your contribution to the STEMsocial community. Feel free to join us on discord to get to know the rest of us!

Please consider delegating to the @stemsocial account (85% of the curation rewards are returned).

You may also include @stemsocial as a beneficiary of the rewards of this post to get a stronger support.