SQL injection—an introduction
SQL injection is a database intrusion that occurs when an unauthorized, malicious user manipulates the PL/SQL code to gain unintended access to the database. Once the code has been compromised, the malicious user can extract confidential information from the database. Code injection can have many other hazardous consequences as well.
In 1998, Rain Forest Puppy (RFP) was the first to identify the "technology vulnerabilities", in his paper "NT Web Technology Vulnerabilities" for Phrack 54. Later, injection techniques were studied by many technology experts and evangelists to work out coding best practices that mitigate such attacks. To date, many cases of application exploitation through code injection have been recorded. For reference, see http://www.computerworld.com.au/index.php/id;683627551. Applications that work with personal information or financial data are more prone to injection attacks.
SQL injection—an overview
In the past, the reason...