SQL stands for Structured Query Language. To understand what SQL Injection is, it is important to understand how information on the web is stored. A database is used to store data such that it is easy to access and manage data efficiently. There are two kinds of databases – Relational and Non-Relational. Relational database stores data in the form of rows and columns while non-relational database store data mainly in four fashions – Key-value, Graph, Column, and Document.
What is SQL?
SQL is a standard language used to program and manage data stored in relational databases. With SQL, you can create database and tables, delete, fetch and modify rows and so on. An example of a SQL database query is as follows:
SELECT Name, Description FROM Product WHERE ProductID = 100
This will select the data from the Name and Description column of the Product table where the ProductID column contains the entry 100 provided it is present.
Some of the statements used for data manipulation are SELECT, INSERT, DELETE and UPDATE and does what the name suggests.
What is SQL Injection and why is it dangerous?
SQL Injection refers to the injection of malicious SQL statements in order to manipulate the backend database hence gaining access to sensitive information that was not meant to be displayed like user information or passwords.
A successful SQL attack can be devastating as the attacker may gain access to sensitive and unauthorized company data, user information and other data that is not meant for the public. Moreover, the perpetrator may delete rows and may even delete the entire table and in worst cases he may gain administrative rights to a database which is catastrophic for a business.
How does SQL Injection work?
A website may contain forms with input fields that may be used to authenticate users or add and update data in the platform. For a successful SQL attack, the perpetrator must first spot the vulnerability of the website. A website is vulnerable to such attacks if it allows users to enter special characters such as “(double quotation) which when processed in the backend is translated as a valid SQL statement.
The perpetrator could submit a malicious code that can lead to situations such as all the tables being dropped from the database, that is, deleting all the data which is disastrous for a business. For instance, if an attacker wants to bypass the authentication process in a website, he sets the password field to something like password’ OR 1=1.
Such a query will always be true granting the perpetrator access. Such authentication bypass may log the attacker in as the administrative user.
How to prevent SQL Injection?
Being a web developer, it is your duty to make sure the data stored is secured especially while storing user passwords and other sensitive data.
There are a few solutions which you can use in the front end of your web application:
However, the above methods can be easily bypassed using the Chrome Dev Tools and are cumbersome as they must be repeated for all input fields in the website.
Therefore, the only concrete way to prevent SQL Injection is by building your defenses in the back end of your web application. To learn more about this, read our article: Preventing SQL Injection in PHP using Parameter Binding.