MySQL

Injection in MySQL
Previous Home Next

SQL Injection is can use to prevent the malicious attack by another user to save your data. But it more use is done in the process of exploitation

Injection can be done like while you are entering your email id and password for login, SQL query is inject its SQL commands into its statement. It can alter the SQL statement but provides the security for a web application.

Syntax

SELECT *   
FROM tablename  
WHERE Clause INJECTION insertion;

basic SQL Injection Insertion can be done by three ways

TypeDescription
1=1Is always True
0=1Is always False
" " = " "Is always True

Example

SELECT *
FROM studinfo
WHERE 1 = 1 ;

 

Display all reuslt from the table Studinfo

Example

SELECT *
FROM studinfo
WHERE fnama='arun' OR 1 = 1 ;

show the result on the basis of condition define fname='arun' and all result also display

Example

SELECT *
FROM studinfo
WHERE fnama='arun' OR 1 = 0 ;

show the result on the basis of condition define fname='arun' and single result will display whose condition is true.

Example

SELECT *
FROM studinfo
WHERE fnama='arun' AND 1 = 0 ;

If we can insert AND inplace of OR ,no result will be shown whose command will be given , because no condition will be true.

Example

SELECT *
FROM studinfo
WHERE fnama='arun' AND 1 = 1 ;

show the result on the basis of condition define fname='arun' and single result will display in which both condition is true.

The injection help in another ways they are used in some login page to check the validations which provides the security for a web application, like syntax is given below

Syntax

uname = getRequestString("Uname");
upass = getRequestString("UPass");

sql = "SELECT * FROM tablename
	   WHERE Name ='" + uname + "' 
        AND Pass ='" + upass + "'";

Example

SELECT *
FROM studinfo 
WHERE fname='arun' AND " " = " " 
	  AND lname='saxena' and  " " = " ";

In this query both the condition needs to be valid to print the info, if one of the condition is false it does not show any result

Previous Home Next

Tolal:0 Click:

Show All Comments

Did not find what you were looking for leave your name and message. We will revert within 24 hours
Name:
eMail:
Comment / Feedback: