SQL INJECTION

RJ Solusoft

Today most websites run on some kind of engine built with PHP, .NET, Ruby or another language. Many of them are CMSes that use a database to store information that might be used later, and most of those databases are SQL databases of some kind.

The most common SQL database is MySQL, so all of the examples use it, but with small modifications they work basically the same way in other SQL dialects.

Register

Let’s say we have an average website with registration, so it includes at least one input field and a submit button. Whatever the user writes in that field is posted to the server as a string. That data is then stored in the database by an SQL query. For the sake of simplicity, let’s assume we accept two strings from the user: email and password.
So the query looks like this:
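
An added example, not the original post's code: a registration handler of the kind described above, with the INSERT built by string concatenation beside the parameterized form. It uses Python's built-in sqlite3 so it runs offline (the post's examples are MySQL); the table, column and function names are hypothetical and the sample address is constructed.

```python
import hashlib
import os
import sqlite3

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT, pw_hash TEXT)")
    return db

def hash_password(password):
    # Store a salted PBKDF2 hash, never the submitted password itself.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt.hex() + "$" + digest.hex()

def register_concat(db, email, password):
    # Weak: the submitted email is pasted into the SQL text, so a quote in it
    # ends the string literal and whatever follows is parsed as SQL.
    sql = "INSERT INTO users (email, pw_hash) VALUES ('%s', '%s')" % (
        email, hash_password(password))
    db.execute(sql)

def register_param(db, email, password):
    # Hardened: the SQL text is fixed; the values travel separately as bound
    # parameters and are never parsed as SQL.
    db.execute("INSERT INTO users (email, pw_hash) VALUES (?, ?)",
               (email, hash_password(password)))

def try_register(register, db, email, password):
    # Report whether the statement ran or the database rejected it.
    try:
        register(db, email, password)
        return "stored"
    except sqlite3.Error:
        return "sql error"

def stored_emails(db):
    return [row[0] for row in db.execute("SELECT email FROM users ORDER BY rowid")]

if __name__ == "__main__":
    db = make_db()
    # Constructed sample input: an address with an apostrophe in the local part.
    for fn in (register_concat, register_param):
        print(fn.__name__, try_register(fn, db, "o'brien@example.com", "pw"))
    print(stored_emails(db))
```

An address that makes the concatenated version fail with a syntax error is the visible sign that user data is being parsed as SQL; the parameterized version stores the same string unchanged.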
