What is a SQL Injection Attack?
Published: March 4, 2011


SQL injection attacks are a real threat to websites because they strike at the heart of a website: the database. The database is vital because it stores not only the data but also what the website's applications need to function. It is where sensitive user information, preferences, inventory, invoices, payments and so on are kept.

SQL stands for Structured Query Language. It comes in various dialects, most of them based on the SQL-92 ANSI standard. SQL queries are made up of one or more SQL commands, such as SELECT, UPDATE or INSERT. A SELECT query usually carries a WHERE clause that tells the database which rows to return. The flexibility of these queries is what makes SQL so popular, but it is also what makes it vulnerable to SQL injection attacks. An SQL injection attack works by "injecting" SQL code into a query, that is, by supplying input that the application pastes into the query text so that the database is manipulated in ways that were never intended.
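The following example is added here to show the mechanism the paragraph describes; it is not code from the original article or from its author. It builds a small SQLite database with constructed sample users, then compares a login check that pastes user input into the query text with one that binds the input as a parameter (the standard fix, which the article's list does not mention). Table and column names (users, username, userpass) and the sample data are assumptions for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original article).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database with a small users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, userpass TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def build_unsafe_query(username: str, userpass: str) -> str:
    """The vulnerable pattern: user input pasted straight into the SQL text.
    A single quote in the input ends the string literal, so whatever follows
    it is read by the database as SQL rather than as data."""
    return (
        "SELECT COUNT(*) FROM users WHERE username = '" + username
        + "' AND userpass = '" + userpass + "'"
    )


def login_unsafe(conn: sqlite3.Connection, username: str, userpass: str) -> int:
    """Run the concatenated query; returns the number of matching rows."""
    return conn.execute(build_unsafe_query(username, userpass)).fetchone()[0]


def login_safe(conn: sqlite3.Connection, username: str, userpass: str) -> int:
    """Parameterised query: the SQL text is fixed and the driver binds the
    values separately, so a quote in the input can never alter the query."""
    row = conn.execute(
        "SELECT COUNT(*) FROM users WHERE username = ? AND userpass = ?",
        (username, userpass),
    ).fetchone()
    return row[0]


if __name__ == "__main__":
    db = make_db()
    # Constructed input that closes the string literal and appends a condition
    # that is always true, the textbook form of the attack the article describes.
    tainted = "' OR '1'='1"
    print(build_unsafe_query("alice", tainted))
    print("unsafe rows:", login_unsafe(db, "alice", tainted))  # 2: every user matches
    print("safe rows:", login_safe(db, "alice", tainted))      # 0: no such password
```

The printed query text shows why the concatenated version fails: the quote in the input ends the `userpass` literal, and because AND binds tighter than OR the WHERE clause becomes true for every row. The parameterised version compares the whole input, quote included, against the stored password and matches nothing.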

You can reduce your exposure to these attacks by designing your scripts and applications with the utmost care. Following are a few ways in which you can reduce the vulnerability of your website to these attacks:

  1. Limit User Access - Never use the default system account for SQL Server 2000, as it has unrestricted access. Always set up specific accounts for specific purposes. For example, if users can view and order products, set up an account for them that can SELECT only on the products table and INSERT only on the orders table.
  2. Remove Unused Extended Stored Procedures - Some of the more damaging SQL injection attacks target extended stored procedures. If you do not use them, remove extended stored procedures, unused triggers, stored procedures, user-defined functions and so on. By removing these, you block the attack before it can happen.
  3. Escape Quotes - Most SQL injection attacks rely on a single quote to terminate a string expression. To reduce the opportunity for an attack, replace every single quote in user input with two single quotes using a replace function. With the quote escaped, the WHERE clause of a login query again requires both the username and the userpass fields to match before it is satisfied.
  4. Remove Culprit Characters or Character Sequences - Certain characters and character sequences are commonly used to perform SQL injection attacks. Before you build a query, remove them from the input to reduce your vulnerability to injection.
  5. Limit the Length of User Input - Keep all form fields and text boxes as short as possible. This limits the number of characters available for building a SQL injection attack.
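As an added example, not code from the original article, the block below implements items 3, 4 and 5 of the list as small input-hardening functions and checks, using SQLite, that the escaped value still lands inside a single string literal when concatenated into a query. It also shows a coarse analogue of item 1: SQLite has no per-table accounts, so a read-only connection stands in for the SELECT-only account the article describes. The list of culprit sequences, the length limits and the field names are constructed assumptions.

```python
import os
import sqlite3
import tempfile

# Item 3: double every single quote so it cannot terminate the string literal.
def escape_quotes(value: str) -> str:
    return value.replace("'", "''")


# Item 4: sequences treated as culprits. This particular list is an assumption
# for the example; the article names no specific characters.
CULPRIT_SEQUENCES = ("--", ";", "/*", "*/")


def strip_culprits(value: str) -> str:
    for seq in CULPRIT_SEQUENCES:
        value = value.replace(seq, "")
    return value


# Item 5: maximum length per form field (constructed limits).
MAX_LENGTHS = {"username": 32, "userpass": 64}


def within_limit(field: str, value: str) -> bool:
    return len(value) <= MAX_LENGTHS[field]


def harden(field: str, value: str) -> str:
    """Apply the three input controls in order: reject over-long input, drop
    culprit sequences, then escape quotes last so nothing undoes the escaping."""
    if not within_limit(field, value):
        raise ValueError(f"{field} exceeds {MAX_LENGTHS[field]} characters")
    return escape_quotes(strip_culprits(value))


def literal_round_trips(field: str, value: str) -> bool:
    """Concatenate the hardened value into a query and confirm the database
    reads it back as one literal, i.e. the quote never closed the string."""
    conn = sqlite3.connect(":memory:")
    got = conn.execute("SELECT '" + harden(field, value) + "'").fetchone()[0]
    conn.close()
    return got == strip_culprits(value)


def readonly_write_is_blocked() -> bool:
    """Least-privilege analogue for item 1: the catalog-reading code path opens
    the database read-only, so an INSERT smuggled into that path is refused.
    Uses a temporary file because SQLite's read-only mode needs a file DB."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    try:
        rw = sqlite3.connect(path)
        rw.execute("CREATE TABLE products (name TEXT)")
        rw.commit()
        rw.close()
        ro = sqlite3.connect(f"file:{path}?mode=ro", uri=True)
        try:
            ro.execute("INSERT INTO products VALUES ('widget')")
            return False
        except sqlite3.OperationalError:
            return True  # "attempt to write a readonly database"
        finally:
            ro.close()
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(harden("username", "O'Brien -- comment"))   # O''Brien  comment
    print(literal_round_trips("username", "O'Brien"))  # True
    print(readonly_write_is_blocked())                 # True
```

Two caveats worth keeping in mind when applying the article's list: quote-doubling only protects values that sit inside quoted string literals, so a number pasted unquoted into a query is not covered by it, and stripping known sequences is a denylist that has to be maintained. Both are reasons the usual recommendation today is to combine these controls with parameterised queries rather than rely on them alone.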

It is not always possible to prevent every SQL injection attack, but you are now armed with a few ways to guard against them.

About the Author
Anna Agnew is an author for The Computer Geek Custom Web Page Design. The Computer Geek is a web design company that prides itself in professional service at a fraction of the cost. The Computer Geek specializes in Custom Web Design, PHP & MySql and Ecommerce.
