What is a SQL Injection Attack?
Published: March 4, 2011

SQL injection attacks are a real threat to websites because they target the heart of a website: the database. The database is vital because it stores not only the data but also everything the website's applications need to function. It is where sensitive user information, preferences, inventory, invoices, payments and so on are kept.

SQL stands for Structured Query Language; it comes in various dialects, most of them based on the SQL-92 ANSI standard. SQL queries are made up of one or more SQL commands, such as SELECT, UPDATE or INSERT. A SELECT query usually carries a clause (the WHERE clause) that tells the database which rows to return. This flexibility is what makes SQL so popular, but it is also what makes it vulnerable to SQL injection attacks. An SQL injection attack works by "injecting", that is adding, SQL code into a query so that the database can be manipulated in ways that were never intended.

You can avoid these SQL attacks by making sure that you design your scripts and your applications with the utmost care. Following are a few ways in which you can reduce the vulnerability of your website to these attacks:

  1. Limit user access - Never use the default system account for SQL Server 2000, as it is unrestricted. Always set up specific accounts for specific purposes. For example, if users need to view and order products, set up an account for them that can only SELECT on the products table and only INSERT on the orders table.
  2. Remove unused extended stored procedures - Some of the more damaging SQL injection attacks target several extended stored procedures. If you don't use them, remove extended stored procedures, unused triggers, stored procedures, user-defined functions etc. By removing them you block the attack before it can happen.
  3. Escape quotes - Most SQL injection attacks rely on the use of a single quote to terminate an expression. To greatly reduce the opportunity for an attack, replace every single quote with two single quotes using a replace function. Once you do this, the WHERE clause of the query again requires both the username and the userpass fields to match in order to be valid.
  4. Remove culprit characters or character sequences - Certain characters and character sequences are often used to perform a SQL injection attack. Before you build a query, strip these characters and character sequences from the input to reduce your injection attack vulnerability.
  5. Limit the length of user input - Keep all form fields and text boxes as short as possible. By doing this you limit the number of characters that can be used to create a SQL injection attack.
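
The following is an added example (not code from the article or from The Computer Geek) that shows the mechanism described above, a quoted value that terminates the expression in a WHERE clause, next to the quote-doubling fix from item 3 and a parameterized query. It goes one step beyond the article by also showing why quote-doubling is not enough when the concatenated value is a number rather than a quoted string. The users table, its rows and the function names are all constructed for the demo.

```python
import sqlite3

# Constructed sample rows for the demo (not from the article).
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """In-memory SQLite database with a users table and two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, userpass TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(i + 1, u, p) for i, (u, p) in enumerate(USERS)])
    return conn


def escape_quotes(value):
    """Mitigation 3 from the list: double every single quote in the input."""
    return value.replace("'", "''")


def login_concatenated(conn, username, userpass, escape=False):
    """Builds the WHERE clause by string concatenation, which is the injection
    point. With escape=True both inputs go through escape_quotes() first."""
    if escape:
        username, userpass = escape_quotes(username), escape_quotes(userpass)
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND userpass = '" + userpass + "'")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn, username, userpass):
    """Bound parameters: the driver never treats user input as SQL syntax."""
    sql = "SELECT username FROM users WHERE username = ? AND userpass = ?"
    return [row[0] for row in conn.execute(sql, (username, userpass))]


def user_by_id_concatenated(conn, user_id):
    """Numeric column built by concatenation: there is no quote to double, so
    escape_quotes() offers no protection here. Use bound parameters instead."""
    sql = "SELECT username FROM users WHERE id = " + escape_quotes(user_id)
    return [row[0] for row in conn.execute(sql)]


if __name__ == "__main__":
    db = make_db()
    # A password value that closes the quoted literal and appends its own condition.
    crafted = "' OR '1'='1"
    print(login_concatenated(db, "alice", crafted))               # ['alice', 'bob']: injected
    print(login_concatenated(db, "alice", crafted, escape=True))  # []: treated as a literal
    print(login_parameterized(db, "alice", crafted))              # []: input stays data
    print(login_parameterized(db, "alice", "s3cret"))             # ['alice']
    print(user_by_id_concatenated(db, "1 OR 1=1"))                # ['alice', 'bob'] despite escaping
```

Item 5 above (limiting input length) would not have stopped the eleven-character crafted value here, which is why the parameterized form is the one to rely on.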

It is not always possible to prevent every SQL injection attack, but you are now armed with a few ways to guard against them.

About the Author
Anna Agnew is an author for The Computer Geek Custom Web Page Design. The Computer Geek is a web design company that prides itself in professional service at a fraction of the cost. The Computer Geek specializes in Custom Web Design, PHP & MySql and Ecommerce.
