What is a SQL Injection Attack?
Published: March 4, 2011


SQL injection attacks are a real threat to websites because they attack the heart of a website, which is the database. The database is vital in that it stores not only the data but also all the applications that websites need to function. The database is where we store sensitive user information, preferences, inventory, invoices, payments, etc.

SQL stands for Structured Query Language. It comes in various dialects and is mostly based on the SQL-92 ANSI standard. SQL queries are made up of one or more SQL commands, such as SELECT, UPDATE or INSERT. SELECT queries often include a clause (such as WHERE) that specifies which data is to be returned from the database. These queries are what make the SQL language very popular, but they are also what make it vulnerable to SQL injection attacks. A SQL injection attack works by "injecting" (adding) SQL code into a query, which allows a database to be manipulated in ways that were not intended.

You can avoid these SQL attacks by making sure that you design your scripts and your applications with the utmost care. The following are a few ways in which you can reduce the vulnerability of your website to these attacks:

  1. Limit User Access - Never use the default system account for SQL Server 2000, as it is unrestricted. Always set up specific accounts for specific purposes. For example, when letting users view and order products, set up a specific account for the user that can SELECT only on the products table and INSERT only on the orders table.
  2. One of the more damaging SQL injection attacks targets several extended stored procedures. If you don't use them, remove extended stored procedures, unused triggers, stored procedures, user-defined functions, etc. By removing these vulnerabilities, you are blocking the attack before it can happen.
  3. Escape Quotes - Most SQL injection attacks rely on the use of single quotes to terminate an expression. To reduce the opportunity for an attack, replace every single quote with two single quotes by using a replace function. By doing this, the WHERE clause of the query now requires both the username and the userpass fields in order to be valid.
  4. Remove culprit characters or character sequences - We have found that certain characters and character sequences are often used to perform a SQL injection attack. Before you build a query, get rid of these characters and character sequences to reduce your injection attack vulnerability.
  5. Limit the length of user input - Keep all form fields and text boxes as short as possible. By doing this, you are limiting the number of characters that can be used to create a SQL injection attack.
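
Item 3's quote escaping, shown on a login query as an added example (not code from the original article). It assumes a hypothetical `users` table with `username` and `userpass` columns in an in-memory SQLite database and uses constructed sample input; it also goes one step beyond the list by comparing the escaped query with bound parameters, which keep user input out of the SQL text entirely.

```python
import sqlite3

def make_db():
    """In-memory SQLite db; table, columns and rows are constructed samples."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, userpass TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "s3cret"), ("o'brien", "hunter2")])
    return db

def login_concat(db, username, userpass):
    """Vulnerable form: user input is pasted straight into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND userpass = '" + userpass + "'")
    return db.execute(sql).fetchall()

def escape_quotes(value):
    """Item 3: replace every single quote with two single quotes."""
    return value.replace("'", "''")

def login_escaped(db, username, userpass):
    """Same query, but both fields go through escape_quotes first."""
    return login_concat(db, escape_quotes(username), escape_quotes(userpass))

def login_bound(db, username, userpass):
    """Bound parameters: the values never become part of the SQL text."""
    sql = "SELECT username FROM users WHERE username = ? AND userpass = ?"
    return db.execute(sql, (username, userpass)).fetchall()

# Constructed test input: the quote ends the userpass literal early and the
# rest is parsed as SQL, so the WHERE clause no longer depends on the password.
CRAFTED = "x' OR '1'='1"

def compare(username, userpass):
    """Run one login attempt through all three variants."""
    db, out = make_db(), {}
    for name, fn in (("concat", login_concat), ("escaped", login_escaped),
                     ("bound", login_bound)):
        try:
            out[name] = [row[0] for row in fn(db, username, userpass)]
        except sqlite3.OperationalError:
            out[name] = "syntax error"   # stray quote broke the statement
    return out

if __name__ == "__main__":
    print(compare("alice", CRAFTED))        # wrong password, crafted input
    print(compare("o'brien", "hunter2"))    # legitimate user with a quote
```

Doubling quotes is dialect-dependent (MySQL, for example, also treats backslash as an escape character by default), so bound parameters are the more robust of the two hardened forms.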

It is not always possible to prevent SQL injection attacks, but you are now armed with a few ways to guard against them.

About the Author
Anna Agnew is an author for The Computer Geek Custom Web Page Design. The Computer Geek is a web design company that prides itself in professional service at a fraction of the cost. The Computer Geek specializes in Custom Web Design, PHP & MySql and Ecommerce.

Date Published: 10/09/2016