Golam_Mostafa

SQL Injection (SQLi)

SQL Injection (SQLi) is an attack in which an attacker submits crafted input through a website's forms or URL parameters so that the input becomes part of the SQL query the application sends to its database. If the application builds the query by pasting user input into the SQL text, the attacker can change what the query does and read, modify, or steal data from the database.


How to Spot SQL Injection

  1. Single quote ('): Enter a single quote in a form field or URL parameter. If the page returns a database error, the input is probably reaching the query unescaped and the site may be vulnerable.
  2. Always-true condition: Submit OR 1=1 (always true) and OR 1=2 (always false) and compare the responses. If the site behaves differently, the input is changing the query's logic.
  3. Delays: Inject a time-delay function such as SLEEP(5). If the page takes correspondingly longer to load, the database executed the injected code.
  4. External calls: Check whether your input causes the database server to open a network connection to another server (out-of-band detection).

Example: Finding Hidden Items

Suppose a shop lists products by category through a URL like this:

https://example.com/products?category=Gifts

The site might use this command to get the products:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1;

The released = 1 condition hides unreleased items, so only products that are ready for sale are shown.

What Hackers Do:

They can change the URL to:

https://example.com/products?category=Gifts'--

This changes the database query to:

SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1;

In SQL, -- starts a comment, so the database ignores everything after it. The AND released = 1 check is commented out, and the query returns all products in the category, including unreleased ones.


Example: Show Everything

An attacker can also make the query return every product, regardless of category, by requesting:

https://example.com/products?category=Gifts'+OR+1=1--

This creates a query like:

SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1;

Since 1=1 is always true, the WHERE clause matches every row, and the -- again comments out the released check, so the database returns everything.


Example: Hacking a Login

Consider a login form that checks a username and password. The application might run a query like this:

SELECT * FROM users WHERE username = 'user' AND password = 'pass';

An attacker can enter this as the username (with any value as the password):

user' OR '1'='1

The query becomes:

SELECT * FROM users WHERE username = 'user' OR '1'='1' AND password = 'pass';

Because AND binds more tightly than OR, the condition is evaluated as username = 'user' OR ('1'='1' AND password = 'pass'). The first part alone matches the row for 'user', so the password check never matters, and the attacker logs in as that user without knowing the password.


Be Careful

Testing for SQLi is risky. A condition such as OR 1=1 that is harmless in a SELECT would, if it landed in an UPDATE or DELETE statement, apply that statement to every row and could change or destroy important data. Only test systems you are authorized to test, and handle websites and data responsibly.


To stay safe, websites must validate user input and follow secure coding practices so that user input can never change the structure of a query.
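The following is an added example (not part of the original post) that reproduces the products and login queries from above in Python against a constructed in-memory SQLite database, first with the vulnerable string concatenation and then with parameterized queries, which bind the value separately from the SQL text and are the standard fix. Table contents, the user name and its password are made-up sample data, and the password is stored in plaintext only to mirror the article's query.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed in-memory sample data; table names follow the article's queries."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (name TEXT, category TEXT, released INTEGER);
        INSERT INTO products VALUES ('Mug', 'Gifts', 1);
        INSERT INTO products VALUES ('Unreleased Mug', 'Gifts', 0);
        INSERT INTO products VALUES ('Hammer', 'Tools', 1);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO users VALUES ('user', 'correct-horse');
    """)
    return conn

def products_vulnerable(conn, category):
    # Vulnerable: the URL parameter is pasted into the SQL text, so a quote
    # ends the string literal and '--' comments out the released = 1 check.
    sql = f"SELECT name FROM products WHERE category = '{category}' AND released = 1"
    return [row[0] for row in conn.execute(sql)]

def products_safe(conn, category):
    # Hardened: parameterized query. The value is bound separately from the
    # SQL text, so quotes and '--' inside it are just characters to compare.
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return [row[0] for row in conn.execute(sql, (category,))]

def login_vulnerable(conn, username, password):
    # Same flaw in the article's login query: AND binds tighter than OR, so
    # username = 'user' OR ('1'='1' AND password = ...) matches the user's row.
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return conn.execute(sql).fetchone() is not None

def login_safe(conn, username, password):
    # Hardened: both values are bound as parameters, never spliced into SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

if __name__ == "__main__":
    db = make_db()
    print(products_vulnerable(db, "Gifts"))                  # ['Mug']
    print(products_vulnerable(db, "Gifts'--"))               # ['Mug', 'Unreleased Mug']
    print(products_vulnerable(db, "Gifts' OR 1=1--"))        # all three products
    print(products_safe(db, "Gifts'--"))                     # []: no such category
    print(login_vulnerable(db, "user' OR '1'='1", "wrong"))  # True: password ignored
    print(login_safe(db, "user' OR '1'='1", "wrong"))        # False
```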


Acknowledgment: This document references information from PortSwigger Web Security and ChatGPT.

