What's a SQL injection attack?

18.03.2009
Here's some scary math: IBM tells USA Today that the enterprise service provider measures on its large corporate clients. How many does that mean when that is projected across the entire Internet? Millions of servers daily are attacked for the purpose of extracting vital data. But USA Today never explains exactly what a SQL injection attack is.

It's important for IT workers to understand SQL injection. Standard writer Lincoln Spector that operating systems (read: Microsoft Windows) have become much more bulletproof. So black-hat hackers now running atop the operating system, because there are far more weaknesses to exploit there. According to Gartner, three-fourths of the Web application vulnerabilities reported last year have still not been fixed.

SQL injection attacks work by placing commands written in the database manipulation language SQL (short for Structured Query Language) into, for example, the username field on a website's login page. Incorrect handling of the username causes it to be treated as part of a SQL command by the website's servers.
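To make the "incorrect handling" concrete, here is an added example (not code from this article or from Wikipedia) that runs the same username lookup two ways against an in-memory SQLite database: once by pasting the username into the SQL text, and once by binding it as a parameter. The table, the rows and the input strings are constructed for illustration.

```python
import sqlite3

def make_db():
    """Build an in-memory users table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("o'brien", "obrien@example.test")],
    )
    return db

def lookup_concatenated(db, user_name):
    """Incorrect handling: the username becomes part of the SQL text,
    so a quote character in it changes the structure of the command."""
    statement = "SELECT * FROM users WHERE name = '" + user_name + "';"
    return statement, db.execute(statement).fetchall()

def lookup_parameterized(db, user_name):
    """Correct handling: the SQL text is fixed and the username is
    passed separately, so it is only ever compared as a value."""
    return db.execute(
        "SELECT * FROM users WHERE name = ?", (user_name,)
    ).fetchall()

if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: a normal name, an always-true condition,
    # and a legitimate name that happens to contain an apostrophe.
    for name in ("alice", "a' or 't'='t", "o'brien"):
        try:
            statement, rows = lookup_concatenated(db, name)
            print("concatenated :", statement, "->", len(rows), "row(s)")
        except sqlite3.OperationalError as exc:
            print("concatenated : SQL error for", repr(name), "-", exc)
        print("parameterized:", repr(name), "->",
              len(lookup_parameterized(db, name)), "row(s)")
```

The concatenated lookup returns every row for the second input and fails outright on the third, while the parameterized lookup treats all three as plain names.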

Wikipedia has of SQL injection. In one, the hacker (or more likely, a program written by the hacker to attack many machines at once) fills in the username field with "a' or 't'='t'". This bit of SQL gets added to the command that looks up usernames in the database, where the programmer had assumed that only usernames would be typed.

So instead of running this SQL command:

statement = "SELECT * FROM users WHERE name = '" + userName + "';"