
Protection against SQL injection: This is how the attack on your database works

by Tejas Dhawan

Relational database management systems (RDBMS) such as Oracle, MySQL and Microsoft SQL Server are among the most popular on the market, according to the current DB Engines ranking. Because they are considered very reliable and avoid inconsistencies in the data records, they have been an established standard for databases in most companies for decades.

The database language SQL (Structured Query Language) is usually used to query and edit the data in these systems. For example, users communicate with a server through a product search mask in a web shop; the server in turn queries a database and feeds the results back to the web shop as a search result.

Because user input reaches the database query in this way, the stored information is susceptible to so-called SQL injection (SQLi), in which arbitrary code is injected into database queries. This makes it possible to read out or change information without permission. In the worst case, the intruders gain control of the entire database.
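The web-shop product search described above, as an added example that is not part of the original article: the same search written once with string concatenation and once with a bound parameter, run against a constructed in-memory SQLite table. The table, column and function names and the sample inputs are assumptions made for this illustration.

```python
import sqlite3

def make_shop_db():
    # Constructed sample data for this example (not from the article).
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price REAL, published INTEGER);
        INSERT INTO products VALUES ('red mug', 7.5, 1);
        INSERT INTO products VALUES ('blue mug', 8.0, 1);
        INSERT INTO products VALUES ('unreleased mug', 9.0, 0);
    """)
    return db

def search_concatenated(db, term):
    # Weak pattern: the search term is pasted into the SQL text, so quote
    # characters in it change the structure of the query.
    sql = ("SELECT name FROM products WHERE published = 1 "
           "AND name LIKE '%" + term + "%'")
    return sorted(row[0] for row in db.execute(sql))

def search_parameterized(db, term):
    # Hardened pattern: the query text is fixed; the term is bound as a
    # value and is only ever compared against the name column.
    sql = ("SELECT name FROM products WHERE published = 1 "
           "AND name LIKE '%' || ? || '%'")
    return sorted(row[0] for row in db.execute(sql, (term,)))

def compare(term):
    # Run both variants on a fresh database and return (weak, hardened).
    db = make_shop_db()
    try:
        return search_concatenated(db, term), search_parameterized(db, term)
    finally:
        db.close()

if __name__ == "__main__":
    # Constructed inputs: an ordinary search, then one containing SQL syntax.
    for term in ("mug", "' OR 1=1 --"):
        weak, safe = compare(term)
        print(repr(term), "concatenated:", weak, "parameterized:", safe)
```

With the second input, the concatenated query also returns the row that the `published = 1` filter was meant to hide, while the parameterized query treats the whole input as a literal search string and finds nothing.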