SQL Injection

One of the oldest and most dangerous web vulnerabilities. Learn how simple unescaped strings can open your entire database to the world.

Concept Overview

Imagine a search bar where you type 'Shoes'. The app runs: SELECT * FROM products WHERE name = 'Shoes'.

An attacker types: ' OR 1=1 --. The app now runs: SELECT * FROM products WHERE name = '' OR 1=1 --'.

Because 1=1 is always true, the database returns every single row. The -- tells the database to ignore the rest of the original query.