What is a SQL Injection Attack?
Published: March 4, 2011


SQL injection attacks are real threats to websites because they attack the heart of a website, its database. The database is vital in that it stores not only the data but also everything the website's applications need to function. It is where we store sensitive user information, preferences, inventory, invoices, payments and so on.

SQL stands for Structured Query Language. It comes in various dialects, most of them based on the SQL-92 ANSI standard. SQL queries are made up of one or more SQL commands, such as SELECT, UPDATE or INSERT. A SELECT query usually carries a clause (typically WHERE) that restricts which data the database returns. This flexibility is what makes SQL so popular, but it is also what makes it vulnerable to SQL injection attacks. A SQL injection attack works by "injecting", that is adding, SQL code into a query so that the database can be manipulated in ways that were never intended.

You can avoid these SQL attacks by designing your scripts and applications with the utmost care. Following are a few ways to reduce your website's vulnerability to these attacks:

  1. Limit User Access - Never use the default system account for SQL Server 2000, as it has unrestricted privileges. Always set up specific accounts for specific purposes. For example, if users should be able to view and order products, set up an account for them that can SELECT only on the products table and INSERT only on the orders table.
  2. Remove Unused Extended Stored Procedures - One of the more damaging SQL injection attacks targets several extended stored procedures. If you don't use them, remove extended stored procedures, unused triggers, stored procedures, user-defined functions etc. By removing these, you block the attack before it can happen.
  3. Escape Quotes - Most SQL injection attacks rely on a single quote to terminate an expression. To greatly reduce the opportunity for an attack, replace every single quote in the input with two single quotes using a replace function. Once that is done, the WHERE clause of the query again requires both the username and the userpass fields to match in order to be valid.
  4. Remove Culprit Characters or Character Sequences - Certain characters and character sequences are often used to perform a SQL injection attack. Before you build a query, strip these characters and sequences from the input to reduce your vulnerability.
  5. Limit the Length of User Input - Keep all form fields and text boxes as short as possible. This limits the number of characters available to construct a SQL injection attack.
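The quote-termination problem from item 3 in working form, as an added example that is not from the original article: a login check built by string concatenation, the same check with the article's quote-doubling applied, and (going beyond the article's list) a parameterized query, which is the standard remedy today. The table, the credentials and the tampered input are constructed for the demonstration and use SQLite in memory.

```python
import sqlite3

def make_db():
    """Constructed in-memory users table (not from the original article)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, userpass TEXT)")
    con.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    con.commit()
    return con

def login_concat(con, username, userpass):
    """Vulnerable: user input is pasted straight into the SQL text."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND userpass = '" + userpass + "'")
    return con.execute(sql).fetchone()[0] > 0

def escape_quotes(value):
    """Item 3 of the article: double every single quote so it stays inside the literal."""
    return value.replace("'", "''")

def login_escaped(con, username, userpass):
    """Same query, but with quote-doubling applied to the input before building it."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + escape_quotes(username) +
           "' AND userpass = '" + escape_quotes(userpass) + "'")
    return con.execute(sql).fetchone()[0] > 0

def login_parameterized(con, username, userpass):
    """Preferred: bound parameters; the driver never lets input become SQL syntax."""
    sql = "SELECT COUNT(*) FROM users WHERE username = ? AND userpass = ?"
    return con.execute(sql, (username, userpass)).fetchone()[0] > 0

# Constructed input: the single quote closes the userpass literal early, and the
# OR makes the WHERE clause true for every row, so the AND on userpass is bypassed.
TAMPERED = "' OR '1'='1"

if __name__ == "__main__":
    con = make_db()
    print(login_concat(con, "alice", TAMPERED))         # True: WHERE clause bypassed
    print(login_escaped(con, "alice", TAMPERED))        # False: quote stays inside the literal
    print(login_parameterized(con, "alice", TAMPERED))  # False
    print(login_parameterized(con, "alice", "s3cret"))  # True: real credentials still work
```

Note that quote-doubling only protects string literals; numeric fields built by concatenation still need validation, which is why bound parameters are the safer default.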

It is not always possible to prevent SQL Injection Attacks but you are now armed with a few ways to guard against them.

About the Author
Anna Agnew is an author for The Computer Geek Custom Web Page Design. The Computer Geek is a web design company that prides itself in professional service at a fraction of the cost. The Computer Geek specializes in Custom Web Design, PHP & MySql and Ecommerce.
