Don't make your SQL requests like this! Don't get hacked: SQL Injection

Gabriel Lazcano

Link to original article with code snippets and videos (recommended): https://gabriellazcano.com/blog/dont-make-your-sql-requests-like-this-dont-get-hacked/

Introduction

So I’ve been learning SQL and something came to my mind: how safe is this? I won’t lie, I’ve heard of SQL injections before but never really got into them. But now I know it’s a really dangerous tool if you are not doing things correctly, and the best way of preventing this is knowing how to do it. Also, from what I’ve investigated, it seems that a lot of sites are vulnerable to this kind of attack, so we have to raise awareness of the topic.

The vulnerability

The vulnerability exists because we are concatenating user input into the SQL request, making it possible for people to modify the request using their knowledge of how it works. This is further explained in the original article. Sorry for the inconvenience, but I found it impossible to structure it here on dev.to.
