Cybersecurity

SQL Injection

Definition

SQL Injection (SQLi) is a type of injection attack that makes it possible to execute malicious SQL statements. These statements control a database server behind a web application. Attackers can use SQL Injection vulnerabilities to bypass application security measures.

Why It Matters

SQL Injection is a classic and highly dangerous web application vulnerability. A successful attack can result in unauthorized access to sensitive data, such as passwords, credit card details, or personal user information, and can even allow an attacker to take control of the database server.

Contextual Example

A website has a login form that constructs a SQL query like: `SELECT * FROM users WHERE username = '[USERNAME]' AND password = '[PASSWORD]'`. An attacker enters `' OR 1=1; --` as the username. The resulting query becomes `SELECT * FROM users WHERE username = '' OR 1=1; --' AND password = '...'`. The `OR 1=1` makes the `WHERE` clause true for every row and the `--` turns the rest of the statement, including the password check, into a comment, so the query returns users and the attacker is logged in without a password.

Common Misunderstandings

  • The primary defense against SQL Injection is to use "prepared statements" or "parameterized queries," which separate the SQL command from the user-provided data.
  • It remains one of the most common and damaging types of web vulnerabilities.

Related Terms

Last Updated: December 17, 2025