
Assignment ON

SQL Injection

Course Code : CSE311


Course Title: Database Management System

Submitted To:
Faisal Ahmad
Department of CSE
Daffodil International University

Submitted By:
IKRAMUL HOSSAIN 191-15-2505
PC-C

Daffodil International University


Submission Date: 17-08-2021
SQL Injection is a code injection technique that can destroy your database.

SQL Injection is the submission of malicious SQL code to the database through the input of a web page. It is one of the most common web site hacking techniques.

Use of SQL on web pages:

In previous chapters we have learned how to retrieve and update database information using SQL.

Web pages often allow users to supply their own search values, which are then used to look up and display information on the page.

Since SQL statements are plain text, such input can easily change the SQL code at run time:

SQL Injection occurs only when you allow the user to supply input from the web page. For example, you ask the user to enter a name or ID, but instead of a name or ID the user enters an SQL fragment, which your server code then runs against the database without your knowledge.

    solidUserId = getRequestString("User_Id");
    solidSQL = "SELECT * FROM Total_Users WHERE User_Id = " + solidUserId;

In the example above, appending the solidUserId variable to the select string builds a SELECT statement that takes the data entered by the user and fetches the matching information from the database.

SQL Injection:
SQL Injection is a technique that injects SQL commands into a web page through malicious input.

Injected SQL commands can alter the SQL statement the developer intended to run, which compromises the security of the web application.

SQL Injection based on 1 = 1 is always true

Notice once again that the main purpose of the code in the example above was to build an SQL statement that selects a user by user ID.

If nothing prevents the user from providing malformed input, the user can enter "smart" input such as 103 or 1 = 1, and the resulting statement becomes:

    SELECT * FROM Total_Users WHERE User_Id = 103 or 1 = 1

The statement above is valid SQL. Since 1 = 1 is always true, the WHERE clause matches every row and the query returns all the information from the user table.
Does the example above seem dangerous to you?
Imagine for a second you were transposed into the karmic-driven world of Earl.

The following SQL statement is very similar to the one above:

    SELECT User_Id, User_Name, User_Pass FROM Total_Users WHERE User_Id = 103 or 1 = 1

In this case, a hacker can easily obtain every user's information, including user names and passwords, from the database simply by typing 103 or 1 = 1 into the input field.
SQL Injection based on "" = "" is always true
The following is the server code behind a simple HTML login form:

    User_Name = getRequestString("User_Name");
    User_Pass = getRequestString("User_Pass");
    sql = "SELECT * FROM Total_Users WHERE User_Name = '" + User_Name + "' AND User_Pass = '" + User_Pass + "'";

In this case, a hacker can easily obtain all user information from the database by entering " or "" = " in both the user name and password fields.

The server code will then generate the following valid SQL statement:

    SELECT * FROM Total_Users WHERE User_Name = "" or "" = "" AND User_Pass = "" or "" = ""

The statement above is valid SQL. Because "" = "" is always true, the WHERE clause matches every row, and the query returns all user information from the table.

SQL Injection based on batched SQL statements

Most databases support batched SQL statements. A batch is a group of two or more SQL statements, separated from one another by semicolons.

Example:

    SELECT * FROM Total_Users;
    DROP TABLE Users_Student;

The batch above returns all the information in the "Total_Users" table and then deletes the "Users_Student" table.

Suppose we have the following server code:

    solidUserId = getRequestString("User_Id");
    solidSQL = "SELECT * FROM Total_Users WHERE User_Id = " + solidUserId;

If the user enters 103; DROP TABLE Users_Student as the User_Id, the server builds the following valid SQL batch:

Result:

    SELECT * FROM Total_Users WHERE User_Id = 103;
    DROP TABLE Users_Student;

Use parameters for protection

Some web developers "blacklist" certain words or characters, rejecting any input field that contains them in an attempt to stop SQL injection.

This is not a very effective method. Words such as delete or drop, and characters such as semicolons (;) or quotes (""), are legitimate in all SQL dialects and may also appear in perfectly valid user input, so they cannot simply be banned.

The most effective and accurate way to prevent SQL injection attacks is to use SQL parameters.

SQL parameters are values that are added to an SQL query at execution time, in a controlled manner. The database receives the query text and the values separately, so a parameter value is never interpreted as part of the SQL code.
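The following is an added example, not part of the original assignment: it builds the page's Total_Users table in an in-memory SQLite database (the rows are constructed sample data) and runs the page's "103 or 1 = 1" and "" = "" inputs against both the concatenated queries shown above and their parameterized equivalents, so the difference in returned rows can be observed directly.

```python
import sqlite3

# Constructed sample data standing in for the page's Total_Users table.
SAMPLE_ROWS = [(101, "alice", "pw-alice"), (102, "bob", "pw-bob"), (103, "carol", "pw-carol")]
TABLE_SQL = "CREATE TABLE Total_Users (User_Id INTEGER, User_Name TEXT, User_Pass TEXT)"


def make_db():
    """Build a fresh in-memory SQLite database holding the sample table."""
    con = sqlite3.connect(":memory:")
    con.execute(TABLE_SQL)
    con.executemany("INSERT INTO Total_Users VALUES (?, ?, ?)", SAMPLE_ROWS)
    return con


def lookup_concat(user_id):
    """Vulnerable: the page's pattern, request input pasted into the SQL text."""
    sql = "SELECT * FROM Total_Users WHERE User_Id = " + user_id
    return make_db().execute(sql).fetchall()


def lookup_param(user_id):
    """Hardened: the input is bound as a parameter, so it can only ever be a value."""
    sql = "SELECT * FROM Total_Users WHERE User_Id = ?"
    return make_db().execute(sql, (user_id,)).fetchall()


def login_concat(user_name, user_pass):
    """Vulnerable login check built the way the page's HTML-form example is."""
    sql = ("SELECT * FROM Total_Users WHERE User_Name = '" + user_name
           + "' AND User_Pass = '" + user_pass + "'")
    return make_db().execute(sql).fetchall()


def login_param(user_name, user_pass):
    """Hardened login check with both values bound as parameters."""
    sql = "SELECT * FROM Total_Users WHERE User_Name = ? AND User_Pass = ?"
    return make_db().execute(sql, (user_name, user_pass)).fetchall()


if __name__ == "__main__":
    # The page's "always true" inputs: 103 or 1 = 1 for the ID, ' or ''=' for login.
    print(len(lookup_concat("103")), len(lookup_concat("103 or 1 = 1")))  # 1 3
    print(len(lookup_param("103")), len(lookup_param("103 or 1 = 1")))    # 1 0
    print(len(login_concat("' or ''='", "' or ''='")))                    # 3
    print(len(login_param("' or ''='", "' or ''='")))                     # 0
```

With the parameterized queries the injected text is compared as a literal value against User_Id or User_Name and matches nothing, while a genuine ID or name and password still matches exactly one row.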
