What is a SQL Injection Attack?
Published: March 4, 2011


SQL injection attacks are a real threat to websites because they strike at the heart of a website: its database. The database is vital in that it stores not only the data but also everything the website's applications need in order to function. It is where sensitive user information, preferences, inventory, invoices, payments and so on are kept.

SQL stands for Structured Query Language. It comes in various dialects, most of them based on the ANSI SQL-92 standard. A SQL query is made up of one or more SQL commands, such as SELECT, UPDATE or INSERT. A SELECT query usually carries a clause that instructs which data is to be returned from a specific area within the database. The flexibility of these queries is what makes SQL so popular, but it is also what makes it vulnerable to SQL injection attacks. An SQL injection attack works by "injecting" SQL code into a query, that is, adding it through user input so that the database can be manipulated in ways that were never intended.

You can avoid these SQL attacks by making sure that you design your scripts and your applications with the utmost care. The following are a few ways in which you can reduce your website's vulnerability to these attacks:

  1. Limit User Access - Never use the default system account of SQL Server 2000, since it is unrestricted. Always set up specific accounts for specific purposes. For example, if users need to view and order products, create an account for them that can only SELECT from the products table and only INSERT into the orders table.
  2. Remove Unused Procedures - Some of the more damaging SQL injection attacks target extended stored procedures. If you don't use them, remove extended stored procedures, unused triggers, stored procedures, user-defined functions and so on. By removing these, you block the attack before it can happen.
  3. Escape Quotes - Most SQL injection attacks rely on a single quote to terminate a string expression. To greatly reduce the opportunity for an attack, replace each single quote in user input with two single quotes using a replace function. With the quotes escaped, the WHERE clause of the login query once again requires both the username and the userpass fields to match before the query returns a row.
  4. Remove Culprit Characters or Character Sequences - Certain characters and character sequences are often used to perform a SQL injection attack. Strip them from user input before you build a query to reduce your exposure to injection attacks.
  5. Limit the Length of User Input - Keep all form fields and text boxes as short as possible. This limits the number of characters that can be used to construct a SQL injection attack.
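
As an added illustration (not code from the original article), the following Python example builds the username/userpass login query from point 3 in two ways, by plain concatenation and with single quotes doubled, and runs both against a constructed in-memory SQLite table. The users table, its row, and the sample input are assumptions made for the demonstration.

```python
import sqlite3

# Constructed stand-in for the site's users table (assumption, not the article's schema).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, userpass TEXT)")
conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")


def escape_quotes(value: str) -> str:
    """Point 3 of the article: replace each single quote with two single quotes,
    so a quote in user input can no longer terminate the string literal."""
    return value.replace("'", "''")


def build_login_query(username: str, userpass: str, escape: bool) -> str:
    """Build the WHERE clause the article describes. escape=False is the plain
    concatenation an injection relies on; escape=True applies escape_quotes()."""
    if escape:
        username, userpass = escape_quotes(username), escape_quotes(userpass)
    return ("SELECT username FROM users "
            "WHERE username = '%s' AND userpass = '%s'" % (username, userpass))


def login_succeeds(username: str, userpass: str, escape: bool) -> bool:
    """Run the query; the login is accepted when at least one row comes back."""
    rows = conn.execute(build_login_query(username, userpass, escape)).fetchall()
    return len(rows) > 0


# Constructed sample input: the leading quote closes the password literal early,
# and the rest is read by the database as SQL instead of as data.
INJECTED_PASSWORD = "' OR '1'='1"

if __name__ == "__main__":
    print(login_succeeds("alice", "correct horse", escape=False))    # valid login
    print(login_succeeds("alice", INJECTED_PASSWORD, escape=False))  # accepted: WHERE is always true
    print(login_succeeds("alice", INJECTED_PASSWORD, escape=True))   # rejected: quotes are now data
```

Database libraries for the PHP and MySQL stack the author names also offer parameterized queries, which pass the values separately from the query text and make this hand-escaping unnecessary.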

It is not always possible to prevent SQL injection attacks entirely, but you are now armed with a few ways to guard against them.

About the Author
Anna Agnew is an author for The Computer Geek Custom Web Page Design. The Computer Geek is a web design company that prides itself in professional service at a fraction of the cost. The Computer Geek specializes in Custom Web Design, PHP & MySql and Ecommerce.
