Understanding how attackers can manipulate database queries and how to prevent it.
SQL Injection (SQLi) is a web security vulnerability that allows an attacker to alter the SQL queries an application makes to its database. It is one of the oldest and most dangerous web application vulnerabilities. A successful SQLi attack can result in an attacker gaining unauthorized access to view, modify, create, or delete data in the database. In many cases, an attacker can escalate an SQLi attack to compromise the underlying server or other back-end infrastructure, or perform a denial-of-service attack.

The vulnerability occurs when an application uses user-supplied data to build a SQL query without properly sanitizing it. The attacker can then supply specially crafted input that changes the structure of the original query. For example, imagine a login form that constructs a query like this: `SELECT * FROM users WHERE username = 'USER_INPUT' AND password = 'PASSWORD_INPUT'`. An attacker could enter `' OR '1'='1` as the username. The resulting query would become `SELECT * FROM users WHERE username = '' OR '1'='1' AND password = '...'`. Because `'1'='1'` is always true, the condition is met for every user in the database, and the attacker could be logged in as the first user, who is often an administrator.

The most effective way to prevent SQL injection is to use parameterized queries (also known as prepared statements). With parameterized queries, the database driver is sent the query structure and the user input separately. The database then combines them in a way that ensures the user input is treated only as data and not as part of the SQL command, making it impossible for an attacker to change the query's intent.
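The following is an added example, not code from the original page: it builds the login query from the text both ways, by string concatenation and as a parameterized query, against an in-memory SQLite database with constructed sample rows, and runs the page's `' OR '1'='1` payload through each. One caveat worth seeing in a real engine: because `AND` binds tighter than `OR`, the payload is only unconditionally true when it lands in the last comparison (here the password field); in the username field the password check still constrains the result.

```python
import sqlite3

# Added example, not from the original page. The sample users are constructed.
PAYLOAD = "' OR '1'='1"   # the injection string shown in the text


def make_db():
    """Create an in-memory database with two constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, "
        "password TEXT, role TEXT)"
    )
    # Plaintext passwords only to keep the example short; real systems store hashes.
    conn.executemany(
        "INSERT INTO users (username, password, role) VALUES (?, ?, ?)",
        [("admin", "s3cret-admin", "admin"), ("alice", "alice-pw", "user")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Builds the SQL text from user input, so quotes in the input change the query."""
    sql = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Parameterized query: structure and values travel separately to the driver."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = make_db()
    # Vulnerable: WHERE username = 'admin' AND password = '' OR '1'='1' matches every row.
    print("vulnerable:", login_vulnerable(db, "admin", PAYLOAD))
    # Safe: the payload is compared as a literal password and matches nobody.
    print("parameterized:", login_safe(db, "admin", PAYLOAD))
    # Same payload in the username field: AND still requires a matching password.
    print("vulnerable, username field:", login_vulnerable(db, PAYLOAD, "guess"))
```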