SQL injection is an attack in which input supplied by an end user, most often through a Web form's fields but equally through a URL parameter, cookie or any other request value, is pasted into an SQL query without proper handling, so that part of the input is interpreted as SQL rather than as data. By supplying input that contains SQL syntax (a stray quote, an OR condition, a UNION SELECT) instead of what the form asks for, an attacker can gain unauthorized access to read or alter private information.

When a user submits data through a form, the Web application uses what the user entered in the form's fields to build a database query. If the developer who wrote the form assembled that query by concatenating the input directly into the SQL text instead of passing it as a bound parameter (or otherwise validating and escaping it), the database cannot tell where the developer's query ends and the user's input begins, and it will execute the injected SQL as if it were a command from the website's own code. A well-crafted attack lets an attacker read data from tables they should not be allowed to see, bypass authentication, insert their own records, delete rows or whole tables, or, where the application's database account has the privilege, destroy the database itself.
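
The following script is an added example, not code from the original page: it uses Python's built-in sqlite3 module to show a login check built by string concatenation beside the same check written with a parameterized query. The users table, the sample rows and the function names (make_db, login_vulnerable, login_safe) are all constructed for the illustration. Two classic payloads are run against each version: an OR 1=1 authentication bypass and a UNION SELECT that reads the password column back through the query's own result columns.

```python
import sqlite3


def make_db():
    """Constructed in-memory database for the demo (schema and rows are illustrative)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text by concatenation: the user's input becomes part of the query."""
    query = (
        "SELECT username, role FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return conn.execute(query).fetchall()


def login_safe(conn, username, password):
    """Parameterized query: the SQL text is fixed and the values travel separately,
    so the database never parses the input as SQL, whatever it contains."""
    query = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Payloads constructed for the demo. The trailing '--' starts an SQL comment that
# swallows the rest of the developer's query, including the password check.
BYPASS_PAYLOAD = "' OR 1=1 --"
UNION_PAYLOAD = "' UNION SELECT password, role FROM users --"


if __name__ == "__main__":
    conn = make_db()
    print("normal login:   ", login_vulnerable(conn, "alice", "s3cret"))
    print("bypass (vuln):  ", login_vulnerable(conn, BYPASS_PAYLOAD, "anything"))
    print("union read (vuln):", login_vulnerable(conn, UNION_PAYLOAD, "anything"))
    print("bypass (safe):  ", login_safe(conn, BYPASS_PAYLOAD, "anything"))
    print("union read (safe):", login_safe(conn, UNION_PAYLOAD, "anything"))
```

Run it and compare the two columns of output: the concatenated version returns every user for the bypass payload and leaks both stored passwords for the UNION payload, while the parameterized version returns no rows for either, because the whole payload is compared literally against the username column. Note that sqlite3's execute() refuses stacked statements, so a "'; DROP TABLE users; --" payload fails here; on drivers and databases that allow several statements per call, the same concatenation bug lets an attacker run that as well.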

