ELI5: What is SQL Injection?

A website asks for your name, but instead you type a sneaky command that talks directly to the website’s filing cabinet (database). Suddenly you can read, change, or delete other people’s information.

Definition

SQL injection is one of the most critical and common web application vulnerabilities, occurring when attacker-supplied SQL code is inserted into application queries without proper sanitization, causing the database to execute unintended commands. Successful SQL injection can allow attackers to read sensitive data, modify or delete records, bypass authentication, and in some cases, execute operating system commands.

Key Details

  • Classic bypass: ' OR '1'='1 in a login form makes the WHERE clause always evaluate to true, bypassing authentication.
  • UNION-based: ' UNION SELECT username, password FROM users-- appends additional query results to the response.
  • Error-based: Forces database error messages that reveal schema and data.
  • Primary mitigation: Parameterized queries / prepared statements, which separate SQL code from user data; input is treated as data and never executed as SQL.
  • Consistently in the OWASP Top 10; automated scanners (sqlmap) can exploit SQLi automatically.
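
As an added example (not code from the original page), the classic bypass above run against two login checks: one that concatenates user input into the SQL text, and one that uses parameterized queries as the mitigation bullet describes. It uses Python's built-in sqlite3 module with a constructed in-memory users table; the function names, table layout and credentials are assumptions for illustration.

```python
import sqlite3

# Classic payload from the page, placed in the password field of a login form.
CLASSIC_BYPASS = "' OR '1'='1"


def make_db():
    """Constructed in-memory database with one sample user (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable: user input is spliced into the SQL text, so quotes and
    keywords in the input change the meaning of the query."""
    sql = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    # With password = ' OR '1'='1 the WHERE clause becomes
    #   username = '...' AND password = '' OR '1'='1'
    # which is always true, so a row is returned for any username.
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    """Mitigated: the SQL text is fixed and the values travel separately as
    bound parameters, so the payload is compared as a literal string."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo():
    """Returns (vulnerable_bypassed, parameterized_bypassed) for the classic payload."""
    conn = make_db()
    return (
        login_vulnerable(conn, "nobody", CLASSIC_BYPASS),
        login_parameterized(conn, "nobody", CLASSIC_BYPASS),
    )


if __name__ == "__main__":
    vuln, param = demo()
    print("vulnerable login bypassed:", vuln)      # True
    print("parameterized login bypassed:", param)  # False
```

The parameterized version still accepts the legitimate credentials, so the fix costs nothing functionally; the only difference is that the database driver never parses user-supplied text as SQL.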

Connections