SQL Injection
✅ SQL Injection
An attack in which a hacker sends malicious SQL to the DB, through ordinary application input, to attack the data it holds
😈 SQL Injection Attack
- Delete data attack
  - when a user logs in, they input an ID and password
  - the hacker appends SQL so that, when the ID and password check is true, the user record is deleted
  - results in an unintended alteration of the DB
- Reveal data
  - the hacker intentionally triggers an error
  - when the error appears, the extra message reveals the database design, which is then used for further hacking
💊 Prevention
- When receiving input, check for special characters
  - add logic that refuses the login when special characters such as $%()*? are input
- If a SQL error occurs, hide the error message
  - prevents the hacker from accessing the DB
  - prevents the hacker from getting hints about the DB architecture
- Use PreparedStatement
  - when a PreparedStatement is used, the input is bound as data and its special characters are escaped
  - thus the DB receives the query with ? placeholders (????) instead of the raw special characters
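An added example (not the post's own code) that shows the prevention advice above in Python's sqlite3 module, whose ? placeholders play the role of Java's PreparedStatement: a login check built by string concatenation, the same check parameterized, and a wrapper that hides database errors. The user table and the hostile password value are constructed for the demo.

```python
import sqlite3

# Constructed sample database with a single user (not the post's code).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, user_id: str, password: str) -> bool:
    # String concatenation: the caller's text becomes part of the SQL itself,
    # so quotes and operators in the input change the meaning of the query.
    sql = ("SELECT COUNT(*) FROM users WHERE id = '" + user_id
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_safe(conn: sqlite3.Connection, user_id: str, password: str) -> bool:
    # Parameterized query (sqlite3's counterpart of Java's PreparedStatement):
    # the SQL text sent to the DB contains only '?' placeholders; the driver
    # binds the values separately, so input is always compared as a literal.
    sql = "SELECT COUNT(*) FROM users WHERE id = ? AND password = ?"
    return conn.execute(sql, (user_id, password)).fetchone()[0] > 0

def login(conn: sqlite3.Connection, user_id: str, password: str) -> tuple:
    # Applies the post's other advice: never forward the raw database error,
    # which can reveal table and column names, to the user.
    try:
        ok = login_safe(conn, user_id, password)
    except sqlite3.Error:
        return (False, "Login failed")   # generic message; details stay in server logs
    return (ok, "OK" if ok else "Login failed")

if __name__ == "__main__":
    db = make_db()
    tautology = "' OR '1'='1"   # constructed hostile password value
    print(login_vulnerable(db, "alice", tautology))  # True: WHERE clause was rewritten
    print(login_safe(db, "alice", tautology))        # False: compared as a plain string
    print(login(db, "alice", "s3cret"))              # (True, 'OK')
```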
This post is licensed under CC BY 4.0 by the author.