December 5, 2024
sql-database

What is SQL Injection?

This article gives a basic overview of SQL Injection and how to protect against it. Summary of the article:

  • SQL Injection
  • How to Prevent SQL Injection?

SQL Injection
SQL Injection is a type of attack in which the attacker supplies crafted input that the application concatenates into a SQL query. Because the input is parsed as part of the query text rather than treated as data, it changes the meaning of the query and lets the attacker read, modify or delete data, or otherwise gain access to the database or the underlying system.

How to Prevent SQL Injection?
Every database application needs to defend against SQL Injection. The following measures prevent it, or limit the damage when a query is still injectable:

  • Use stored procedures (SPs), and pass inputs to them as parameters; a stored procedure that builds dynamic SQL by concatenation is just as injectable as application code
  • Re-validate data inside stored procedures
  • Use parameterized queries, so the database receives the query text and the values separately
  • Use ORM tools (LINQ, NHibernate, LINQ to Entities), which parameterize queries by default; avoid their raw-SQL escape hatches unless the SQL is also parameterized
  • Use regular expressions to validate input against an allow-list of expected characters and discard anything that does not match
  • Encrypt sensitive data, so that a successful injection exposes less
  • Check for unwanted characters and keywords (--, ;, insert, delete, update) in input, as a secondary defense only; a keyword blocklist on its own is easily bypassed, so parameterized queries remain the primary control
  • Access the database using an account with the least privileges necessary
  • Install the database using an account with the least privileges necessary
  • Ensure that error messages give nothing away about the internal architecture of the application or the database
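
The following is an added example, not code from the original post: it shows the attack described in the definition above and the two most important items from the list (parameterized queries and allow-list validation) side by side. It uses Python's built-in sqlite3 module against an in-memory database; the users table, its rows, the function names and the payload are all constructed here for illustration.

```python
"""Added example (not from the original post): the same user lookup written
vulnerably and safely, plus an allow-list validator for the input.
All names, data and inputs below are constructed for illustration."""
import re
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: a users table with two accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """Builds the query by string concatenation: whatever the caller passes
    becomes part of the SQL text and is parsed as SQL."""
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> list:
    """Parameterized query: the value is bound to the ? placeholder and sent
    separately from the query text, so it can never change the query's meaning."""
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Allow-list pattern (an assumption for this example): usernames are 1-32
# letters, digits or underscores. Anything else is rejected before it gets
# near the database. This complements, but does not replace, parameterization.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(username: str) -> bool:
    """True only if the whole string matches the allow-list pattern."""
    return USERNAME_RE.fullmatch(username) is not None


def demo() -> tuple:
    """Runs the classic tautology payload through both lookups.

    The payload closes the string literal and appends an always-true
    condition, so the concatenated query becomes
        ... WHERE username = 'nobody' OR '1'='1'
    and returns every row. The parameterized version looks for a user whose
    name is literally "nobody' OR '1'='1" and returns nothing.
    """
    conn = make_db()
    payload = "nobody' OR '1'='1"
    leaked = find_user_vulnerable(conn, payload)
    safe = find_user_safe(conn, payload)
    return leaked, safe


if __name__ == "__main__":
    leaked_rows, safe_rows = demo()
    print("vulnerable lookup returned:", leaked_rows)
    print("parameterized lookup returned:", safe_rows)
    print("payload passes allow-list?", validate_username("nobody' OR '1'='1"))
```

Note that the allow-list check would have rejected the payload before any query ran, but it is the parameterized query that guarantees safety regardless of what the input looks like; validation is the second layer, not the first.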

That’s all about SQL Injection.

Rashedul Alam

I am a software engineer/architect, technology enthusiast, technology coach, blogger, travel photographer. I like to share my knowledge and technical stuff with others.
