Hacking websites with SQL Injection π
- 
					
					
					
					
 What is SQL Injection ?
  SQL Injection is a attack against websites / web applications which are using SQL Database. Simply, Hacker will insert malicious SQL command and takeover the database. How Does it Work?
 Let's say, You have a code like this, <?php $username = $_POST['username']; $password = md5($_POST['password']); $sql = "SELECT * FROM `users` WHERE username = '$username' AND password = '$password'"; ?>If user input, 
 Username : admin
 Password : admin123The SQL will looks like, SELECT * FROM `users` WHERE username = 'admin' AND password = '0192023A7BBD73250516F069DF18B500'It will works fine, 
 But If user input, If your input, 
 Username : admin' OR 1 = 1 --
 Password : admin123The SQL will looks like, SELECT * FROM `users` WHERE username = 'admin' OR 1 = 1 --' AND password = '0192023A7BBD73250516F069DF18B500'Here you can see, The password query will be commented (Will not Execute). 
 And1 = 1is always true, The hacker can get all the information of Users.They can delete or change any record too. Click Here | Watch SQl Injection tutorial SQL Injection Strings Click Here | Some injection Strings 
 How to prevent SQL Injections?Nowadays, Most of the back-end frameworks handle injections itself. But If you don't use any frameworks, You can do it manually. Every language has built-in functions for handle SQL injections while binding data. 
- 
					
					
					
					
 very informative bro... 
- 
					
					
					
					
 @dev_lak :+1: 
- 
					
					
					
					
 This is awesome bro, nice example . Thanks 
- 
					
					
					
					
 @root :grinning: :grinning: 
- 
					
					
					
					
 Awesomeπ 
- 
					
					
					
					
 @GeethOnion ππππ 
- 
					
					
					
					
 Awesome, we want this kind of articles. Thanks 
- 
					
					
					
					
 @ciaompe :+1: :+1: 
- 
					
					
					
					
 useful b6 keep it up 
- 
					
					
					
					
 @Malith βοΈβοΈβοΈ 
 
			
		 
			
		 
			
		 
			
		