A Brief Overview of SQL Injection

Google+ Pinterest LinkedIn Tumblr +

The good news is that there are several functions that make it easy to verify data. PHP, for example, has functions that checks what type of data is being sent through the query. These functions can be used on certain types of data that are commonly used to exploit the use of SQL injection. The easiest functions to use involve numbers in which it validates the type of data and whether or not to send the query.

Regular data may be a little difficult to verify. What is common used to verify this data is a function that checks the string for characters such as the slash “\” or quotes (“). The function will automatically remove all those characters and sometimes replace it with a null. This is a common technique that is used to secure a wide variety of databases. The problem is that not all servers have settings or configurations that allow for this to happen. However, there are safer ways to do this even for servers that have enabled this feature.

Also, while most sql servers can allow users to send multiple queries at once, there is also settings in place that prevent too many connections from certain users. This prevents the ability for hackers to use injection. This is technique that can be used along with validation of the actual data.

However, the problem with the use of all these data modification techniques is that the data itself will eventually appear on the page in a manner that may not be properly formatted. For example, you may see the slash character where you don’t want it to appear. This side effect is necessary to ensure the database is safe, but can be a problem if you try the output value of your site in a special manner. You may have to go out of your way to code your page to ensure that the data is formatted correctly.

Now that you are familiar with the techniques of building a search string with validation for security, you can now take steps to keep your database safe.

While most sql servers can allow users to send multiple queries at once, there is also settings in place that prevent too many connections from certain users. This prevents the ability for hackers to use injection.

Share.

About Author

Leave A Reply