Today we will learn about SQL Injection basics. In the previous article, “INJECTION ATTACKS TUTORIAL – OWASP #1 VULNERABILITY – PART 1”, we learned the basics of injection attacks and the types of injection attacks. As we learned there, injection means adding something extra to code that changes the actual behavior of the code or query. Similarly, SQL injection means adding something extra to a SQL query, which causes the query to deviate from its actual behavior.
SQL Injection – Injection Attacks
What is SQL Injection?
How SQL Injection happens?
// Vulnerable: the POSTed user_id is concatenated directly into the SQL text.
$db = new mysqli('localhost', 'username', 'password', 'mydatabase');
$result = $db->query(
    'SELECT * FROM transactions WHERE user_id = ' . $_POST['user_id']
);
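
The concatenated query above next to a hardened version, as an added example that is not code from the original article. It assumes an in-memory SQLite database reached through PDO instead of the article's MySQL connection so that it runs on its own; the table columns, sample rows, function names and input values are constructed for illustration.

```php
<?php
// Added example: constructed data in an in-memory SQLite database (assumption;
// the article's code connects to MySQL through mysqli).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE transactions (id INTEGER PRIMARY KEY, user_id INTEGER, amount REAL)');
$db->exec('INSERT INTO transactions (user_id, amount) VALUES (1, 10.0), (1, 25.5), (2, 99.0), (3, 7.25)');

// Vulnerable: same pattern as the article's query; the input becomes part of the SQL text.
function transactionsConcatenated(PDO $db, string $userId): array
{
    $sql = 'SELECT * FROM transactions WHERE user_id = ' . $userId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate the type, then bind the value so it is only ever treated as data.
function transactionsBound(PDO $db, string $userId): array
{
    if (!ctype_digit($userId)) {
        return []; // reject anything that is not a plain non-negative integer
    }
    $stmt = $db->prepare('SELECT * FROM transactions WHERE user_id = :user_id');
    $stmt->bindValue(':user_id', (int) $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs standing in for $_POST['user_id'].
$inputs = ['1', '1 OR 1=1'];
foreach ($inputs as $input) {
    printf(
        "input %-12s concatenated: %d rows, bound: %d rows\n",
        var_export($input, true),
        count(transactionsConcatenated($db, $input)),
        count(transactionsBound($db, $input))
    );
}
```

With the second input the concatenated query's WHERE clause no longer restricts rows to one user, while the bound version never lets the input alter the SQL text.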