الأربعاء، 24 مارس 2010

SQL Injection



SQL injection is a code injection technique that exploits a security vulnerability occurring in
the database layer of an application

Example
SELECT * FROM users WHERE name = 'a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't';

If this code were to be used in an authentication procedure then this example could be used to force the selection of a valid username because the evaluation of 't'='t' is always true.

Reference : http://en.wikipedia.org/wiki/SQL_injection