
SQL Injection

SQL Injection Attack

Inserting malicious SQL code into application queries to access, modify, or delete database data.

Technical detail

SQL Injection occurs when user input is concatenated directly into SQL query text. Example: the input `' OR 1=1 --` turns the login query `SELECT * FROM users WHERE password = '<input>'` into `SELECT * FROM users WHERE password = '' OR 1=1 --'`, where the tautology makes the condition true for every row and the `--` comments out the rest of the statement. The primary defense is parameterized queries (prepared statements), in which the database engine keeps the SQL logic separate from the data values, so a value can never change the query's structure. ORM frameworks (Django ORM, SQLAlchemy, Prisma) generate parameterized queries automatically. Additional, defense-in-depth measures: least-privilege database accounts, input validation, and WAF (Web Application Firewall) rules.

Example

```javascript
// Web Crypto API: SHA-256 hex digest of a string. This is a hashing helper, not
// an injection defense (use parameterized queries for that). It is wrapped in an
// async function because `await` is only valid inside async code or ES modules.
async function sha256Hex(text) {
  const data = new TextEncoder().encode(text);
  const hash = await crypto.subtle.digest('SHA-256', data);
  return Array.from(new Uint8Array(hash))
    .map(b => b.toString(16).padStart(2, '0')).join('');
}

sha256Hex('sensitive data').then(hex => console.log(hex));
```
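The defense described above, shown side by side with the concatenation it replaces. This is an added example, not code from the original page: the function names are invented, no database is used (each function returns the query that would be sent), and the `$1`/`$2` placeholder style is the one used by node-postgres.

```javascript
// VULNERABLE: user input is spliced into the SQL text, so the input below
// rewrites the query's logic.
function buildLoginQueryUnsafe(username, password) {
  return "SELECT * FROM users WHERE username = '" + username +
         "' AND password = '" + password + "'";
}

// SAFE: the SQL text is a constant; values travel separately as parameters and
// the driver/engine never merges them back into the statement text.
function buildLoginQuerySafe(username, password) {
  return {
    text: 'SELECT * FROM users WHERE username = $1 AND password = $2',
    values: [username, password],
  };
}

// Caveat: parameters can only carry values. Identifiers (table or column names,
// ORDER BY targets) cannot be parameterized and must be checked against an
// allowlist before being placed in the query text.
const SORTABLE_COLUMNS = new Set(['username', 'created_at']);
function buildUserListQuery(sortColumn) {
  if (!SORTABLE_COLUMNS.has(sortColumn)) {
    throw new Error('unsupported sort column: ' + sortColumn);
  }
  return { text: `SELECT username FROM users ORDER BY ${sortColumn}`, values: [] };
}

// Constructed input from the glossary entry: a quote, a tautology, a comment.
const INJECTED = "' OR 1=1 --";

// Returns both forms for the same input so the difference is visible:
// the unsafe text now contains OR 1=1 and a trailing comment; the safe text is
// unchanged and the payload sits inertly in values[1].
function compareForms(username, password) {
  return {
    unsafe: buildLoginQueryUnsafe(username, password),
    safe: buildLoginQuerySafe(username, password),
  };
}

console.log(JSON.stringify(compareForms('alice', INJECTED), null, 2));
```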
