Lesson 5: SQL Injection — When the user writes SQL
SQL is a simple language computers use to talk to a database — 'give me all users', 'store this order'. Most websites build SQL queries by taking what the user typed and weaving it directly into the command. The problem: if the input isn't cleaned, an attacker can 'escape' the data context and injec
SQL Injection is like someone at a restaurant who, instead of ordering a dish, writes extra kitchen instructions on the order paper and sneaks them into the kitchen — and the chef executes them without checking.
- SQL Injection: A vulnerability where unsanitized user input is inserted directly into a SQL query, allowing an attacker to alter the query's logic.
- Parameterized query: A SQL query where input values are passed as separate parameters and are never concatenated into the query text; this prevents SQL Injection.
- Payload: The malicious input the attacker sends, e.g. `' OR '1'='1`, to exploit a vulnerability.
- UNION SELECT: A SQL keyword that merges the results of two queries. In an SQL injection context, an attacker can use it to extract data from other tables.