If you already know what SQL Injections are and do, you may want to skip the first paragraph of this guide as it is bringing everyone else up to speed. Wikipedia defines SQL injections in the following way: SQL injection is a security vulnerability that occurs in the database layer of an application. Its source is the incorrect escaping of dynamically-generated string literals embedded in SQL statements. It is in fact an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.
What does it mean in plain English? Attackers try to inject code in to websites by finding loopholes in scripts that run on the site. This can be a form on the website or any other script running on it that is not properly protected from these kind of injections.
The article "SQL Injection Walkthrough" helps you identify vulnerable scripts and explains the methods to test, verify and exploit those vulnerabilities. After reading the article you will have a basic understanding of the techniques used by attackers and if you follow the links given at the end you can dive deeper into the topic.
The guide is divided into the following chapters:
While being an introduction to SQL Injections, it is recommended to have at least some programming experience, as it makes it a lot easier to follow the guide since code examples are frequently used in the guide to explain the concepts. It should not be too difficult but basic understanding of SQL helps a lot.
Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.
We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats (video ads) or subscription fees.
If you like our content, and would like to help, please consider making a contribution:
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.