Home >Database >Mysql Tutorial >what is sql injection vulnerability

what is sql injection vulnerability

清浅
清浅Original
2019-05-11 10:01:179511browse

SQL injection vulnerability refers to inserting maliciously entered SQL commands into Web form submissions or entering query strings for domain names or page requests, ultimately tricking the server into executing malicious SQL commands

SQL injection vulnerability

As the name suggests, SQL injection vulnerability allows attackers to inject malicious input into SQL statements. To fully understand this problem, we first have to understand how server-side scripting languages ​​handle SQL queries.

For example, suppose a function in a web application generates a string using the following SQL statement:

$statement = "SELECT * FROM users WHERE username = 'bob' AND password = 'mysecretpw'";

This SQL statement is passed to a function that sends the string to the connected A database where it is parsed, executed and the results returned.

You may have noticed that this statement contains some new special characters:

  • * : is the SQL database instruction to return all columns of the selected database row

  • =: is an instruction for the SQL database to only return values ​​that match the searched string

  • ' : used to tell the SQL database to search for a string Start or end position

Now consider the following example where a website user can change the value of "$user" and "$password", for example in a login form:

$statement = "SELECT * FROM users WHERE username = '$user' AND password= '$password'";

If the application does not sanitize the input, the attacker can easily insert any special SQL syntax into the statement:

$statement = "SELECT * FROM users WHERE username = 'admin'; -- ' AND password= 'anything'";= 'anything'";
  • admin'; - : is the attacker's input, which contains two New special characters:

  • ; : Used to indicate to the SQL parser that the current statement has ended (not needed in most cases)

  • - : Instructs the SQL parser the remainder of the line

This SQL injection effectively removes password validation and returns the existing user's dataset, in this case " admin" attacker can now log in using an administrator account without specifying a password.

The above is the detailed content of what is sql injection vulnerability. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Related articles

See more