Roshan Rathod
What are SQL Injections, how do you prevent them and what are the best practices?
By Roshan Rathod in PHP on Aug 16 2020
  • Santhosh Kumar Devanga
    Aug 21, 2020

    SQL injection is a technique that uses the inline query parameters to destroy your database.
    Assume you want to get the user details based on the userId (from an input textbox); then the inline query will look like this.

    Query : "SELECT * FROM Users WHERE UserId = " + txtUserId;

    If there is nothing to prevent a user from entering “wrong” input, the user can enter some “smart” input like this:

    If the user passes txtUserId as “100 OR 1=1”, then the query looks like this:
    SELECT * FROM Users WHERE UserId = 100 OR 1=1;

    The SQL above is valid and will return ALL rows from the “Users” table, since OR 1=1 is always TRUE.

    SOLUTION : Use stored procedures in SQL.

    • 2
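The concatenation shown in the answer above, beside the parameterized form the question asks about, as an added example that is not part of the original post. It is written in Python against an in-memory SQLite table rather than the PHP the thread is filed under; the Users table, its three rows and the helper names (make_db, lookup_inline, lookup_parameterized, parse_user_id) are all constructed here. The same idea applies to PHP via PDO prepared statements or to the stored procedures the answerer recommends: the user-supplied value is bound as data, never spliced into the SQL text.

```python
import sqlite3


def make_db():
    """Constructed sample table (not from the original post)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany(
        "INSERT INTO Users VALUES (?, ?)",
        [(100, "alice"), (101, "bob"), (102, "carol")],
    )
    conn.commit()
    return conn


def lookup_inline(conn, txt_user_id):
    """Vulnerable: the string concatenation the answer shows.

    The input becomes part of the SQL statement itself, so
    '100 OR 1=1' turns a one-row lookup into a full table dump.
    """
    sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, txt_user_id):
    """Hardened: the value is bound to a placeholder.

    Whatever the user typed is compared as a single value against
    UserId; it can never change the structure of the query.
    """
    sql = "SELECT * FROM Users WHERE UserId = ?"
    return conn.execute(sql, (txt_user_id,)).fetchall()


def parse_user_id(txt_user_id):
    """Defence in depth: accept only an integer id, else return None.

    Validation is in addition to binding, not a replacement for it;
    it also gives the application a clean point to log rejected input.
    """
    stripped = txt_user_id.strip()
    return int(stripped) if stripped.isdigit() else None


if __name__ == "__main__":
    db = make_db()
    for supplied in ("100", "100 OR 1=1"):
        print("input:", repr(supplied))
        print("  inline        ->", lookup_inline(db, supplied))
        print("  parameterized ->", lookup_parameterized(db, supplied))
        print("  validated id  ->", parse_user_id(supplied))
```

Running it shows the inline query returning one row for "100" but every row for "100 OR 1=1", while the parameterized query returns one row for "100" and nothing at all for the injected string, because SQLite compares the whole text against the integer column instead of parsing it as SQL.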
