Definition:
An SQL injection is a computer attack in which malicious code is entered in a poorly designed application and then passed to the database. The malicious data then produces database query results or actions that should never have been executed.
Why someone would use it:
Hackers frequently use SQL injection as a means of attacking and taking over databases. They could use this to find a user's password and log in to someone's account.
Examples:
' OR EXISTS(SELECT * FROM users WHERE username='user1' AND password LIKE '*w*') AND ''='
The above input would reveal whether the letter w is in user1's password.
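The same input against a login check, as an added example that is not part of the original post: one function pastes the input into the SQL string, the other binds it as a parameter so it is only ever compared as data. The table, the function names and the SQLite database are assumptions made for the example, and the wildcard is written % because that is what SQLite's LIKE uses.

```python
import sqlite3

def make_db():
    """Constructed in-memory table; plaintext password only to mirror the page's example."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('user1', 'swordfish')")
    return conn

def login_vulnerable(conn, username, password):
    # Input is pasted into the SQL text, so quotes in it change the query's structure.
    sql = ("SELECT COUNT(*) FROM users WHERE username='" + username +
           "' AND password='" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0

def login_safe(conn, username, password):
    # Placeholders send the input as bound values; it is compared, never parsed as SQL.
    sql = "SELECT COUNT(*) FROM users WHERE username=? AND password=?"
    return conn.execute(sql, (username, password)).fetchone()[0] > 0

def page_input(letter):
    # The page's example input; SQLite's LIKE wildcard is % where the page writes *.
    return ("' OR EXISTS(SELECT * FROM users WHERE username='user1' "
            "AND password LIKE '%" + letter + "%') AND ''='")

def compare(letter):
    """Return (vulnerable_result, safe_result) for the page's input with one letter."""
    conn = make_db()
    result = (login_vulnerable(conn, "nobody", page_input(letter)),
              login_safe(conn, "nobody", page_input(letter)))
    conn.close()
    return result

if __name__ == "__main__":
    for letter in ("w", "z"):
        print(letter, compare(letter))
```

With the concatenated query the login result changes with the letter tested, which is what leaks the password; with the bound query the input never matches and the result stays the same.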