SQL injection
Interacting with a backend database to retrieve and write data is one of the most critical tasks performed by a web application. Relational databases, which store the data in a series of tables, are commonly used to accomplish this. The data in the backend database is queried using SQL.
The input taken from cookies, input forms, and URL variables is used to build SQL statements that are passed back to the database for processing. As user input is involved in building the SQL statement, the developer of the application needs to carefully validate it before passing it to the backend database.
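The following added example (it is not code from the original text) shows concretely why user input that is spliced into the text of a SQL statement is dangerous, and how a parameterized query avoids the problem. It uses Python's built-in `sqlite3` module with a constructed in-memory `users` table; the table, the rows and the lookup functions are all assumptions made for the illustration. The unsafe lookup concatenates the username into the statement, so a value containing a quote character either breaks the query (a legitimate name such as `o'brien`) or changes its meaning (a value carrying `OR '1'='1`). The safe lookup hands the value to the driver as a bound parameter, so it is always treated as a literal string and never as SQL.

```python
import sqlite3


def build_db():
    # Constructed sample data for the demonstration (not from the original text).
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, email TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, email) VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, username):
    # Vulnerable pattern: the user-supplied value becomes part of the SQL text,
    # so quote characters in it are parsed as SQL syntax.
    sql = "SELECT username FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, username):
    # Hardened pattern: a parameterized query. The statement structure is fixed;
    # the driver passes the value separately, so it cannot alter the statement.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


def demo():
    """Run both lookups against benign and quote-bearing inputs and return the results."""
    conn = build_db()
    benign = "alice"
    apostrophe = "o'brien"          # legitimate data that happens to contain a quote
    crafted = "x' OR '1'='1"        # test value that turns the WHERE clause into a tautology

    results = {
        "unsafe_benign": lookup_unsafe(conn, benign),
        "safe_benign": lookup_safe(conn, benign),
        "safe_apostrophe": lookup_safe(conn, apostrophe),   # no such user: []
        "safe_crafted": lookup_safe(conn, crafted),         # no such user: []
        # Unsafe lookup with the tautology returns every row in the table.
        "unsafe_crafted": lookup_unsafe(conn, crafted),
    }
    try:
        lookup_unsafe(conn, apostrophe)
        results["unsafe_apostrophe"] = "ok"
    except sqlite3.OperationalError:
        # The unbalanced quote produces a syntax error: a sign that input reaches
        # the SQL text unescaped, which is exactly what a tester looks for.
        results["unsafe_apostrophe"] = "syntax error"
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two outcomes of the unsafe version (an error on an innocent apostrophe, and the whole table returned for the crafted value) are the same symptom seen from two sides; the parameterized version behaves identically for all three inputs because the value never touches the statement text.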
SQL statements
In order to understand the SQL injection flaw, you need to have some knowledge of SQL. The structured query language allows the developer to perform the following actions on the database:
Statement | Description
---|---
SELECT | It allows information to be retrieved from the database
UPDATE | It allows modification of existing data in the database
INSERT | It allows inserting...