The Best of Both Worlds: This Daily WTF is about something else, but it includes this bit in the intro that will make you think about SQL injection attacks. Ponder this.
If you've ever worked with a database, chances are you know the difference between "dynamic queries" and "parameterized queries". In the former, you just concatenate a value to your query string ("where col='" val "'") and cross your fingers that val isn't "'; drop database --".
SQL Injection Attacks by Example: This is a fantastic, step-by-step example of a SQL injection attack. If you've heard of these, but not quite understood what they are, then read this. "SQL Injection" is a subset of the unverified/unsanitized user input vulnerability ("buffer overflows" are a different subset), and the…
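To make the dynamic-versus-parameterized distinction from the two links above concrete, here is an added example (mine, not code from The Daily WTF or from the linked article). It uses Python's standard sqlite3 module against a constructed in-memory table, runs the same lookup both ways, and shows that a value carrying quotes rewrites the dynamic query's logic while the parameterized query keeps treating it as plain data. The table, names and function names are my own assumptions.

```python
import sqlite3

# Constructed sample data (not from the page): a tiny users table.
SAMPLE_USERS = [("alice", "alice@example.org"), ("bob", "bob@example.org")]


def make_db():
    """Build an in-memory database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def find_dynamic(conn, name):
    """Dynamic query: the value is spliced into the SQL text.

    Any quote characters inside `name` become part of the statement's
    syntax, so the caller's input can change what the WHERE clause means.
    """
    sql = "SELECT name FROM users WHERE name='" + name + "'"
    return [row[0] for row in conn.execute(sql)]


def find_parameterized(conn, name):
    """Parameterized query: `?` is a bind slot.

    The driver passes the value to the engine separately from the SQL text,
    so it is always compared as data and can never alter the statement.
    """
    sql = "SELECT name FROM users WHERE name=?"
    return [row[0] for row in conn.execute(sql, (name,))]


def demo():
    """Run both lookups with a benign value and a quote-carrying value."""
    conn = make_db()
    benign = "alice"
    # Constructed hostile value: closes the string literal and appends a
    # condition that is true for every row.
    hostile = "x' OR '1'='1"
    return {
        "dynamic_benign": find_dynamic(conn, benign),
        "dynamic_hostile": find_dynamic(conn, hostile),   # every row leaks
        "param_benign": find_parameterized(conn, benign),
        "param_hostile": find_parameterized(conn, hostile),  # no such user
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The takeaway for a code reviewer is that the fix is not escaping the quote by hand (that is the "cross your fingers" approach in a different coat) but keeping SQL text and user data on separate channels; every mainstream driver offers bind parameters for exactly this reason.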
um, I don't care if it's drop database -- or select password where root, that query would break as the variable 'val' is being compared to what the field is.
what you need to be concerned with is if they can add quotes to the val to make it:
select * from table where col='data OR '%''