From the course: Programming Foundations: Web Security
SQL injection
- SQL Injection is an attack that occurs when untrusted data is used to construct an SQL query. The data is inserted or injected into the SQL query string. It allows an attacker to execute arbitrary requests to an SQL database. SQL Injection, sometimes called SQLI for short, is not the only form of code injection, but it is the most common. Most modern web applications rely heavily on databases, and by some estimates, 75% of databases use SQL. The same general principles that we discuss for SQLI can be applied anytime untrusted data is used to construct a query or a value that's used for code. OWASP, the Open Web Application Security Project, has ranked code injection as one of the top security threats to web applications for the last 10 years. The subject is definitely worth our attention. SQLI is easy for attackers to detect and to exploit. Let's look at an example of SQL Injection. Imagine a login form. When the form is…
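The difference between building a query from untrusted data and binding that data as parameters, shown as an added example that is not part of the course material. The table layout, function names and sample values are assumptions constructed for illustration, using Python's built-in `sqlite3` module.

```python
import sqlite3

def make_db():
    """In-memory users table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'constructed-hash-1')")
    return db

def login_concatenated(db, username, password_hash):
    """Vulnerable: form values become part of the SQL text itself."""
    query = ("SELECT username FROM users WHERE username = '" + username +
             "' AND password_hash = '" + password_hash + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, username, password_hash):
    """Hardened: the SQL text is fixed; values are passed as bound parameters."""
    query = "SELECT username FROM users WHERE username = ? AND password_hash = ?"
    return db.execute(query, (username, password_hash)).fetchone() is not None

def run_demo():
    db = make_db()
    # Constructed input: the quote closes the string literal early, so the
    # rest of the value is parsed as SQL instead of being compared as data.
    crafted = "x' OR '1'='1"
    results = {
        "valid_concat": login_concatenated(db, "alice", "constructed-hash-1"),
        "valid_param": login_parameterized(db, "alice", "constructed-hash-1"),
        "crafted_concat": login_concatenated(db, "alice", crafted),
        "crafted_param": login_parameterized(db, "alice", crafted),
    }
    # A harmless apostrophe breaks the concatenated query with a syntax
    # error: the same root cause, and a useful signal in application logs.
    try:
        login_concatenated(db, "o'brien", "x")
        results["apostrophe_concat"] = "ok"
    except sqlite3.OperationalError:
        results["apostrophe_concat"] = "syntax error"
    results["apostrophe_param"] = login_parameterized(db, "o'brien", "x")
    return results

if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(f"{name}: {outcome}")
```
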
Contents
- Types of credential attacks (4m 55s)
- Strong passwords (4m 1s)
- URL manipulation and Insecure Direct Object Reference (IDOR) (4m 43s)
- SQL injection (6m 16s)
- Cross-Site Scripting (XSS) (6m 15s)
- Cross-Site Request Forgery (CSRF) (4m 21s)
- Cross-Site Request protections (3m 38s)
- Cookie visibility and theft (4m 37s)
- Session hijacking (5m 8s)
- Session fixation (3m 18s)
- Remote system execution (2m 8s)
- File upload abuse (2m 59s)
- Denial of service (4m 55s)