SQL Injection
A web security vulnerability where attackers insert malicious SQL code into a query to manipulate the database.
Also: SQLi
Definition
SQL injection (SQLi) is a web security vulnerability that allows attackers to interfere with the queries an application makes to its database by inserting malicious SQL code through user input fields. Successful attacks can allow attackers to retrieve sensitive data, modify or delete data, perform administrative database operations, and sometimes execute commands on the server. SQL injection remains one of the most common and dangerous web vulnerabilities. Prevention requires parameterized queries, prepared statements, and input validation.
Example
“Entering ' OR '1'='1 into a login form exploits SQL injection to bypass authentication by making the query always evaluate as true.”
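The definition and the login-form example above can be shown side by side in code. The following is an added example, not part of the original glossary page: a constructed in-memory SQLite table with one user (sample data), a login check built by string concatenation, and the same check written as a parameterized query. The function and table names are assumptions for illustration. Feeding the page's `' OR '1'='1` input to the concatenated version makes the WHERE clause always true, so it reports a successful login for credentials that do not exist; the parameterized version binds the input as a plain value and rejects it.

```python
import sqlite3

# Constructed sample database: one user with a known password (not from the page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn

def build_vulnerable_sql(username, password):
    # String concatenation: whatever the user types becomes part of the SQL syntax.
    return ("SELECT COUNT(*) FROM users WHERE username = '" + username
            + "' AND password = '" + password + "'")

def login_vulnerable(conn, username, password):
    # Executes the concatenated query; a quote in the input can rewrite the WHERE clause.
    row = conn.execute(build_vulnerable_sql(username, password)).fetchone()
    return row[0] > 0

def login_safe(conn, username, password):
    # Parameterized query: the driver binds the values separately from the statement,
    # so the input is only ever compared as data and cannot change the query structure.
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] > 0

if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"   # the input quoted in the glossary example
    print("concatenated query:", build_vulnerable_sql(payload, payload))
    print("vulnerable login with payload:", login_vulnerable(db, payload, payload))
    print("parameterized login with payload:", login_safe(db, payload, payload))
    print("parameterized login with real credentials:",
          login_safe(db, "alice", "correct horse"))
```

Both functions accept the genuine credentials, but only the concatenated version is fooled by the payload. The fix is structural rather than a matter of filtering characters: with placeholders (`?` in the sqlite3 driver), the database receives the statement and the values through separate channels, which is what the "parameterized query" and "prepared statement" entries under Antonyms refer to.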
Synonyms
- SQLi
- database injection attack
- query injection
Antonyms / Opposites
- parameterized query
- prepared statement
- input sanitization
Related Terms
- penetration-testing
- owasp
- prepared-statement
- database
