Roshan Rathod
What are SQL Injections, how do you prevent them and what are the best practices?
By Roshan Rathod in PHP on Aug 16 2020
  • Santhosh Kumar Devanga
    Aug 21, 2020

    SQL injection is a technique that uses the inline query parameters and destroys your database.
    EX:
    Assume you want to get the user details based on the userId (from the input textbox); then the inline query will look like this.

    Query : "SELECT * FROM Users WHERE UserId = " + txtUserId;

    If there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:

    If the user passes txtUserId as “100 OR 1=1”, then the query looks like:
    SELECT * FROM Users WHERE UserId = 100 OR 1=1;

    The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE.

    SOLUTION : Use a stored procedure in SQL.

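The concatenated query from the answer next to a parameterized version, as an added example that is not part of the original question or answer; it uses a constructed in-memory SQLite table (the `Users` rows, `make_db`, `lookup_vulnerable` and `lookup_parameterized` are all assumptions made for the example).

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table with three users (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [(100, "alice"), (101, "bob"), (102, "carol")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, txt_user_id: str) -> list:
    # The inline-concatenation pattern from the answer: the textbox value is
    # pasted into the SQL text, so "100 OR 1=1" rewrites the WHERE clause and
    # every row comes back.
    query = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, txt_user_id: str) -> list:
    # Fix 1: validate that the input has the type the schema expects (an integer).
    try:
        user_id = int(txt_user_id)
    except ValueError:
        return []  # reject (or log / raise); never fall back to concatenation
    # Fix 2: bind the value as a parameter. The driver sends it separately from
    # the SQL text, so it can only ever be compared as a value, never parsed as SQL.
    return conn.execute(
        "SELECT * FROM Users WHERE UserId = ?", (user_id,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, "100 OR 1=1"))    # all three rows leak
    print(lookup_parameterized(db, "100 OR 1=1"))  # [] (input rejected)
    print(lookup_parameterized(db, "100"))         # [(100, 'alice')]
```

A stored procedure gives the same protection only if it binds its arguments too; a procedure that builds dynamic SQL by concatenating its inputs remains injectable.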

