Oracle Security: SQL Injection

From Robs_Wiki
Revision as of 08:44, 28 January 2020 by Qadmin wiki

What is SQL Injection?

SQL injection is a technique to maliciously exploit applications that use client-supplied data in SQL statements. Attackers trick the SQL engine into executing unintended commands by supplying specially crafted string input, thereby gaining unauthorized access to a database in order to view or manipulate restricted data.

How does SQL Injection take place?

Incorrectly validated or nonvalidated string literals are concatenated into a dynamic SQL statement, and interpreted as code by the SQL engine.
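
The concatenation described above, shown beside the bind-variable form, as an added example that is not part of the original wiki page. It assumes an in-memory SQLite database standing in for Oracle so it runs offline; the `employees` table, the function names and the sample rows are hypothetical, and in Oracle the placeholder would be a named bind such as `:name`.

```python
import sqlite3

def make_db():
    """Build an in-memory table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    db.executemany(
        "INSERT INTO employees VALUES (?, ?, ?)",
        [("SMITH", "SALES", 800), ("KING", "EXEC", 5000), ("O'BRIEN", "SALES", 950)],
    )
    return db

def lookup_concatenated(db, name):
    """Vulnerable: the client string becomes part of the SQL text itself."""
    sql = "SELECT name, salary FROM employees WHERE name = '" + name + "'"
    return sql, db.execute(sql).fetchall()

def lookup_bound(db, name):
    """Hardened: the statement text is fixed; the value travels as a bind."""
    sql = "SELECT name, salary FROM employees WHERE name = ?"
    return sql, db.execute(sql, (name,)).fetchall()

# Constructed inputs: an ordinary name, a name containing a quote, and a
# string whose quote ends the literal early so the rest is parsed as SQL.
BENIGN = "SMITH"
QUOTED = "O'BRIEN"
CRAFTED = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    for value in (BENIGN, CRAFTED):
        for fn in (lookup_concatenated, lookup_bound):
            sql, rows = fn(db, value)
            print(f"{fn.__name__}({value!r})\n  {sql}\n  -> {rows}")
    try:
        lookup_concatenated(db, QUOTED)
    except sqlite3.OperationalError as exc:
        # A legitimate value breaks the statement too: same root cause.
        print("concatenated lookup of O'BRIEN failed:", exc)
    print(lookup_bound(db, QUOTED)[1])
```

With concatenation the crafted string changes the `WHERE` clause and every row comes back, while the bound version compares the whole string as a value and returns nothing.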