Is SQL injection what happens when you have a user that you do not trust who has access to your database who circumvents the form submission format to hijack a SQL statement to make changes to a user's database and/or view sensitive information?
Yes and no.
The process of putting in a code to circumvent the safety features is the actual injection. This can be done both with malicious intent (as you said, someone you don't trust) and it can happen by accident (a user tries to put in valid information that actually initiates something).
It isn't always by someone with access or by accident; it could be that someone sees a field and decides "hmmm, I wonder if I can hack their site" or something and then tries entering an attack into the field. Look here: http://en.wikipedia.org/wiki/SQL_injection
That's why I said with malicious intent.