Knowledge of SQL injection can be used to protect your data from malicious attacks by other users, but the technique itself is more often used for exploitation.
Injection can occur, for example, while you are entering your email ID and password to log in: SQL commands in the input are injected into the statement of the SQL query. This can alter the SQL statement, so guarding against it is part of providing security for a web application.
SELECT * FROM tablename WHERE Clause INJECTION insertion;
SELECT * FROM studinfo WHERE 1 = 1 ;
Displays all results from the table studinfo, because 1 = 1 is always true.
SELECT * FROM studinfo WHERE fname='arun' OR 1 = 1 ;
The condition fname='arun' is combined with OR 1 = 1, which is always true, so all results are displayed as well.
SELECT * FROM studinfo WHERE fname='arun' OR 1 = 0 ;
Shows results on the basis of the condition fname='arun' only, because 1 = 0 is false: a single result is displayed, the one for which the condition is true.
SELECT * FROM studinfo WHERE fname='arun' AND 1 = 0 ;
If we insert AND in place of OR, no result is shown for this command, because the combined condition is never true.
SELECT * FROM studinfo WHERE fname='arun' AND 1 = 1 ;
Shows results on the basis of the condition fname='arun': a single result is displayed, the one for which both conditions are true.
Injection also matters in another way: some login pages use a query to validate the user, which provides security for the web application. The syntax is given below.
uname = getRequestString("Uname");
upass = getRequestString("UPass");
// The user's input is concatenated directly into the SQL text.
sql = "SELECT * FROM tablename " +
      "WHERE Name ='" + uname + "' " +
      "AND Pass ='" + upass + "'";
SELECT * FROM studinfo WHERE fname='arun' AND " " = " " AND lname='saxena' and " " = " ";
In this query both conditions need to be valid for the info to be printed; if one of the conditions is false, it does not show any result.
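The following is an added example, not code from the original page: it runs the page's concatenated login query against an in-memory SQLite table next to a parameterized version, to show that the always-true condition changes the first query but is treated as plain data by the second. The table contents, the `pass` column, the function names and the sample input are assumptions constructed for the illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names follow the page's examples.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE studinfo (fname TEXT, lname TEXT, pass TEXT)")
    db.executemany("INSERT INTO studinfo VALUES (?, ?, ?)",
                   [("arun", "saxena", "s3cret"), ("meera", "nair", "pa55")])
    return db

def login_concat(db, uname, upass):
    # Same pattern as the page's login query: input becomes part of the SQL text.
    sql = ("SELECT fname FROM studinfo WHERE fname ='" + uname + "' "
           "AND pass ='" + upass + "'")
    return sorted(row[0] for row in db.execute(sql))

def login_param(db, uname, upass):
    # Placeholders bind the input as values; it is never parsed as SQL.
    sql = "SELECT fname FROM studinfo WHERE fname = ? AND pass = ?"
    return sorted(row[0] for row in db.execute(sql, (uname, upass)))

# Constructed input: closes the quoted value and appends the page's OR 1 = 1.
TAUTOLOGY = "' OR 1 = 1 OR '' = '"

if __name__ == "__main__":
    db = make_db()
    for label, check in (("concatenated", login_concat),
                         ("parameterized", login_param)):
        print(label, "correct password ->", check(db, "arun", "s3cret"))
        print(label, "tautology input  ->", check(db, "arun", TAUTOLOGY))
```

With the concatenated query the password check no longer decides the result, because the WHERE clause ends in a condition that is true for every row; the parameterized query compares the whole input against the stored password and returns nothing.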