What is a SQL Injection Attack?
Published: March 4, 2011


SQL injection attacks are real threats to websites because they attack the heart of a website: the database. The database is vital because it holds not only the data but also much of what the website's applications need to function. It is where sensitive user information, preferences, inventory, invoices, payments and so on are stored.

SQL stands for Structured Query Language. It comes in various dialects, most of them based on the SQL-92 ANSI standard. SQL queries are made up of one or more SQL commands, such as SELECT, UPDATE or INSERT. A SELECT query usually carries a clause (such as WHERE) that narrows which data is returned. The flexibility of these queries is what makes SQL so popular, but it is also what makes it vulnerable to SQL injection attacks. An SQL injection attack works by "injecting", that is adding, SQL code into a query, which allows the database to be manipulated in ways that were never intended.

You can avoid these SQL attacks by making sure that you design your scripts and your applications with the utmost care. Here are a few ways in which you can reduce the vulnerability of your website to these attacks:

  1. Limit User Access - Never use the default system account for SQL Server 2000, as it is unrestricted. Always set up specific accounts for specific purposes. For example, if users only need to view and order products, set up an account for them that can only SELECT from the products table and only INSERT into the orders table.
  2. Remove Unused Database Objects - Some of the more damaging SQL injection attacks target extended stored procedures. If you don't use them, remove extended stored procedures, unused triggers, stored procedures, user-defined functions etc. By removing these vulnerabilities, you block the attack before it can happen.
  3. Escape Quotes - Most SQL injection attacks rely on the use of single quotes to terminate an expression. To really reduce the opportunity for an attack, replace every single quote with two single quotes using a replace function. With the quotes doubled, the WHERE clause once again requires both the username and userpass fields to match before the query is valid.
  4. Remove Culprit Characters or Character Sequences - We have found that certain characters and character sequences are often used to perform a SQL injection attack. Before you build a query, remove these characters and character sequences to reduce your injection attack vulnerability.
  5. Limit the Length of User Input - Keep all form fields and text boxes as short as possible. By doing this you limit the number of characters that can be used to build a SQL injection attack.
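The following is an added example (not code from the article or from The Computer Geek) that puts the mechanism described above and tips 3 and 5 into runnable form. It builds a constructed in-memory SQLite database with one sample account, shows how a login check that concatenates the username and userpass fields into the WHERE clause is fooled by the classic quote-terminating input, and then shows that doubling single quotes and enforcing a length limit, as the article recommends, restores the check. The `MAX_FIELD_LEN` value and the table layout are assumptions for the example. It also adds a parameterized-query version, which the article does not list; that is the form most database drivers recommend today because the driver never lets a value become part of the SQL text, so it also covers cases, such as unquoted numeric comparisons, where doubling quotes does nothing.

```python
import sqlite3

MAX_FIELD_LEN = 32  # assumed form-field limit for tip 5


def make_db():
    """Constructed sample database: one users table with a single account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, userpass TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    return conn


def escape_quotes(value):
    """Tip 3: double every single quote so it cannot close the string literal."""
    return value.replace("'", "''")


def clean_input(value):
    """Tips 3 and 5 together: reject over-long input, then double the quotes."""
    if len(value) > MAX_FIELD_LEN:
        raise ValueError("input too long")
    return escape_quotes(value)


def login_concatenated(conn, username, userpass, sanitize=False):
    """The vulnerable pattern: the WHERE clause is built by string concatenation.

    With sanitize=True both fields pass through clean_input() first, which is
    the defence the article describes.
    """
    if sanitize:
        username, userpass = clean_input(username), clean_input(userpass)
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username
           + "' AND userpass = '" + userpass + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, username, userpass):
    """Hardened form (an addition beyond the article): placeholders are bound
    by the driver, so the values are never interpreted as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND userpass = ?"
    return conn.execute(sql, (username, userpass)).fetchone()[0] > 0


def demo():
    """Run every variant against the sample database and collect the outcomes."""
    conn = make_db()
    # The classic quote-terminating input the article refers to in tip 3.
    tautology = "' OR '1'='1"
    results = {
        "honest_concat": login_concatenated(conn, "alice", "correct horse"),
        "wrong_pw_concat": login_concatenated(conn, "alice", "nope"),
        # userpass = '' OR '1'='1' -> the OR makes the WHERE clause true for the row
        "injected_concat": login_concatenated(conn, "alice", tautology),
        # userpass = ''' OR ''1''=''1' -> a literal string that matches nothing
        "injected_escaped": login_concatenated(conn, "alice", tautology, sanitize=True),
        "honest_escaped": login_concatenated(conn, "alice", "correct horse", sanitize=True),
        "injected_param": login_parameterized(conn, "alice", tautology),
        "honest_param": login_parameterized(conn, "alice", "correct horse"),
    }
    conn.close()
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:18s} login succeeded: {ok}")
```

Only `injected_concat` comes back `True`; the honest logins succeed and every injected attempt fails once the input is either quote-doubled and length-checked or bound as a parameter. Quote doubling only helps where the value sits inside a quoted string literal, which is why the parameterized version is the one to reach for when the database driver offers it.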

It is not always possible to prevent every SQL injection attack, but you are now armed with a few ways to guard against them.

About the Author
Anna Agnew is an author for The Computer Geek Custom Web Page Design. The Computer Geek is a web design company that prides itself on professional service at a fraction of the cost. The Computer Geek specializes in Custom Web Design, PHP & MySQL and Ecommerce.
