SQL injection is a method where a malicious user can inject SQL commands, using form fields on a web page or application, to display other information or destroy the database. SQL statements are used to manage the database from a web page or application, and it is common to let users interact with the database using form fields. Since SQL statements are text keywords, it is possible to dynamically change them and run SQL commands which may display other users' information or destroy the database. By using SQL injection, a hacker may get access to other users' passwords and other sensitive information.

There are mainly three types of SQL injections: SQL injection using batched SQL statements.

Take a look at the 3 boxes. The first box shows a form field where the malicious user is sending the value "15 or 1=1". In the second box, PHP code accepts the POST variable value sent via the form field. The POST variable value is stored in the `$id` variable, which is used in SQL queries to get user information.
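The flow described above, shown as an added example that is not code from the original page: the same `$id` value is used once by string concatenation and once through a prepared statement. The `users` table, its columns, the sample rows and both function names are assumptions made for the illustration, and the script assumes the `pdo_sqlite` extension is enabled.

```php
<?php
// Constructed sample data in an in-memory SQLite database
// (hypothetical table and column names, not taken from the page).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)');
$db->exec("INSERT INTO users VALUES (15, 'alice', 'hash-a'), (16, 'bob', 'hash-b'), (17, 'carol', 'hash-c')");

// Stand-in for the form submission described in the text.
$_POST['id'] = '15 or 1=1';

// Vulnerable: the value is concatenated into the SQL text, so
// "or 1=1" becomes part of the WHERE clause and matches every row.
function lookupVulnerable(PDO $db, string $id): array
{
    $sql = "SELECT id, name FROM users WHERE id = $id";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: validate that the value is an integer, then bind it as a
// parameter so the database only ever treats it as data.
function lookupSafe(PDO $db, string $id): array
{
    $valid = filter_var($id, FILTER_VALIDATE_INT);
    if ($valid === false) {
        return []; // reject anything that is not a plain integer
    }
    $stmt = $db->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->bindValue(':id', $valid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$id = $_POST['id'];
printf("vulnerable query returned %d row(s)\n", count(lookupVulnerable($db, $id)));
printf("hardened query returned %d row(s)\n", count(lookupSafe($db, $id)));
printf("hardened query for id 15 returned %d row(s)\n", count(lookupSafe($db, '15')));
```

The row counts printed for the two functions show the difference: the concatenated query lets the input change the query's logic, while the bound parameter cannot.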